Supreme Court upholds US law forcing TikTok ban or sale

The unanimous ruling means a U.S. ban of the social media site will take effect, but could also press TikTok’s Chinese owner into serious sale talks.

By Justin Bachman • Jan. 17, 2025

Cyberattacks, tech disruption ranked as top threats to business growth

Forty percent of executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.

By Alexei Alexis • Jan. 8, 2025

SEC settles ransomware case against ICBC unit

The agency opted not to impose a fine on the U.S. unit of China's largest bank, which had difficulty updating system books and records after a 2023 cyberattack.

By Rajashree Chakravarty • Dec. 3, 2024

CFPB proposes rule to rein in data brokers’ sale of consumer information

With the proposal, the federal agency aims to crack down on fraudsters and others seeking to use sensitive personal information for illicit activities.

By Lynne Marek • Dec. 3, 2024

Privacy and corporate disclosure laws are on collision course, paper says

States have created a patchwork of consumer privacy laws that will likely conflict with corporate disclosure mandates, according to a law professor.

By Justin Bachman • Nov. 21, 2024

SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure

The agency alleged Unisys, Avaya, Check Point Software and Mimecast misled investors about the extent of their respective cyber risks.

By David Jones • Oct. 22, 2024

Where organizations invest after a data breach

Asking customers to foot the bill for data breach remediation will not prevent future data breaches or address the issues that cause costs to increase.

By Sue Poremba • Oct. 22, 2024

Majority of global CISOs want to split roles as regulatory burdens grow

Trellix research shows rising cybersecurity demands from the SEC and other government bodies are pushing CISOs even closer to the edge.

By David Jones • Oct. 15, 2024

Cybersecurity risk called a human issue, not a technical problem

Ransomware and phishing attacks are evolving and an effective cybersecurity approach requires employees to be educated about risks, a panel of experts says. 

By Justin Bachman • Oct. 2, 2024

FCC reaches $31.5M settlement with T-Mobile over rash of data breaches

The company agreed to a major change in board-level governance and will make a series of upgrades to boost its cyber resilience.

By David Jones • Oct. 1, 2024

AT&T settles a 2023 data breach for $13M. Recent incidents are much worse.

Telecom cybersecurity remains a challenge with widespread impacts. AT&T is not alone in experiencing a pattern of extensive breaches exposing customer data.

By Matt Kapko • Sept. 18, 2024

Companies lean on AI in push to curb cyber insurance costs

Half of business leaders responding to a Delinea survey said their organization was able to negotiate a lower cyber insurance rate after using AI.

By Alexei Alexis • Sept. 10, 2024

Halliburton confirms data stolen in August cyberattack

The company continues to incur expenses related to the attack, but does not expect a material impact. 

By David Jones • Sept. 3, 2024

RealPage lawsuit opens a new antitrust front for pricing algorithms

The rise of Big Data across the economy raises antitrust concerns, especially where companies are sharing sensitive proprietary data, legal experts say.

By Justin Bachman • Aug. 28, 2024

Texas sues GM for selling customer driving data

The automaker failed to tell buyers it was selling their driving data to help insurers analyze driving behavior, according to a Texas AG lawsuit.

By Justin Bachman • Aug. 14, 2024

Message alleges TikTok had actual knowledge it was violating child privacy law

The company wouldn't delete children's accounts unless parents submitted a form with information that was already in its possession, a federal lawsuit alleges.

By Robert Freedman • Aug. 5, 2024

Some companies pay ransomware attackers multiple times, survey finds

Robust cybersecurity risk management begins in the boardroom given the costs of disruption and tighter regulatory oversight.

By Justin Bachman • July 30, 2024

Judge deals major blow to SEC’s cybersecurity enforcement stance

“The decision substantially limits the SEC’s authority to challenge a company’s cybersecurity program,” attorney Mark Schonfeld said.

By Alexei Alexis • July 23, 2024

Companies turn to AI contract tools to reduce external risks

Executives often overlook the importance of shrewd third-party contracting when managing their risk profiles, according to a legal tech panel.

By Justin Bachman • July 18, 2024

Majority of SEC civil fraud case against SolarWinds dismissed, but core remains

The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.

By David Jones • July 18, 2024

Ransomware leak site posts jumped 20% in Q2

Threat groups claimed attacks on 1,237 organizations during the quarter, marking an increase from Q1. U.S.-based businesses accounted for more than half of all victims, Reliaquest found.

By Matt Kapko • July 16, 2024

Citi to pay $135.6M in new penalties over 2020 orders

The bank has made insufficient progress toward resolving nagging data quality, risk management and internal control issues, the OCC and Federal Reserve said.

By Dan Ennis • July 11, 2024

AI policy, compliance leave lawyers more skeptical than executives: survey

North America has so far adopted an “innovation-friendly” approach to AI regulations compared to countries in Europe and Asia, a report finds.

By Justin Bachman • July 10, 2024

Cyber insurance prices fall amid rising competition: report

The pricing relief comes even as cyberattacks are escalating and businesses are paying more to recover from them.

By Alexei Alexis • July 2, 2024

SEC’s $2.1M fine on RR Donnelly over hack response slammed as overreach

The agency’s assertion that a cybersecurity failure can be punished as an “internal accounting controls” violation is raising eyebrows.

By Alexei Alexis • June 25, 2024