Effective October 1, 2018, Connecticut has the most stringent requirement—24 months—for free mitigation services that must be provided to those affected by a data breach of personally identifiable information (in the case of Connecticut: (A) Social Security number; (B) driver’s license number or state identification card number; (C) credit or debit card number; or (D)
This post originally appeared in our sister publication, Insurance Recovery Blog.
For the second time in ten days, a federal appeals court ruled a crime insurance policy provides coverage for losses arising from a business email compromise. In American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America, No. 17-2014, 2018 WL 3404708 (Sixth Circuit July 13, 2018), the Sixth Circuit held that Travelers was obligated to provide coverage for a loss the insured suffered when it wired $834,000 to a thief’s bank account, believing that it was transmitting a payment to one of its Chinese subcontractors.
Losses arising from business email compromise exceeded $12.5 billion between October 2013 and May 2018. Business email compromise is a form of social-engineering fraud that targets both businesses and individuals who make payments by wire transfer. Thieves accomplish business email compromise by accessing e-mail accounts of vendors or customers of the insured or by invading the computer system of the insured. The thief then provides fraudulent instructions to the insured to wire funds to the thief’s bank account, usually for the stated purpose of paying legitimate invoices.
Personal information has become the prey of relentless poachers. In light of the influx of data breaches, state legislatures are taking action. Not surprisingly, now every state has enacted data breach notification laws, which are triggered when personal information is breached. Read below for a summary of relevant state legislation recently adopted or laws recently amended that pertaining to data breach notification.
Arizona amended its data breach notification law, effective July 21, 2018. This amendment requires companies to notify affected consumers within a 45-day window upon discovery of a data breach. If the data breach impacts more than 1,000 consumers, companies must also notify the state attorney general as well as the three largest consumer credit reporting agencies. The state attorney general can also impose up to $500,000 in penalties for a company’s non-compliance.
Yesterday Gov. Jerry Brown signed California Consumer Privacy Act of 2018, which grants California residents unprecedented control over the collection, use, and sale of personal information. Many have already speculated that other state legislatures will follow suit and adopt a similar law in their own states, as has occurred in the wake of past California laws on data privacy and security. A copy of the law can be found here.
Continue Reading New California Privacy Law Could Have Nationwide Implications
South Carolina has become the first state to enact cybersecurity legislation for the insurance industry.
On May 3, Governor McMaster signed a bill requiring South Carolina insurers to “develop, implement, and maintain a comprehensive information security program” for their customers’ data. 2017 SC H.B. 4655 (NS). Based on the insurance industry model rules, the South Carolina Insurance Data Security Act has three primary aims: it requires “licensees” to prevent, detect and remediate insurance customer data breaches.
Quick to blame a state-sponsored organization, Yahoo announced at least 500 million of their account holders had their information stolen – in 2014.
A statement released on September 22, 2016, by Yahoo’s Chief Information Security Officer, Bob Lord, says that the hackers likely have, “names, email addresses, telephone numbers, dates of birth, hashed passwords (the…
Highlighting the importance of cybersecurity in a time of data breaches and cyber attacks that have compromised our national security, privacy, economy, and businesses, President Obama incorporated cybersecurity issues in his recent State of the Union address. He stated:
No foreign nation, no hacker, should be able to shut down our networks, steal our trade