In what may be the largest data breach ever publicly disclosed, Yahoo, disclosed that a 2014 cyberattack breached at least 500 million user accounts. The company said it believes state-sponsored actors were responsible and that the data stolen includes names, email addresses, telephone numbers, dates of birth, and hashed passwords.

Data privacy and securityThe data could also include

In my previous post, I reviewed the New York State Department of Financial Services’ (NYDFS) findings and conclusions of survey results of financial institutions and insurers’ programs, costs, and future plans related to cybersecurity.

Anthony J. Albanese – Acting Superintendent of Financial Services – writes in a November 9, 2015 letter to Financial and

With the amount of commerce conducted through networks increasing exponentially each year, the importance of implementing robust cybersecurity polices is as critical as ever. Just last month, the Congressional Research Service released its paper about cybersecurity information sharing and how this helps companies decrease preventable breaches. Coupled with industry research, the paper is a must-read

New Jersey Governor Chris Christie signed a bill (S.562) into law on January 9, 2015 that will impose a standard more stringent than HIPAA on health insurance carriers authorized (i.e., licensed) to issue health benefits plans in New Jersey.  Effective August 1, 2015, such carriers will be required to secure computerized records that include certain

On February 4, 2013, the California Supreme Court held that Apple Inc. is permitted to request a customer’s address and telephone number in connection with an online purchase. The Supreme Court reversed the trial court’s decision and found that the Song-Beverly Credit Card Act does not apply to online transactions.  The Supreme Court stated that "[t]he safeguards