Recent Enforcement Actions by Regulators Show Continued Focus on Cybersecurity and Data Protection Issues

A pair of recent enforcement actions by the CFTC and New York Attorney General’s Office (“NYAG”) show that both federal and state authorities are pursuing cases against companies believed to have insufficient data security practices, even in the absence of breaches resulting in harm to customers.

First, late last month, the CFTC entered into a settlement with a registered futures commission merchant that allegedly failed to diligently supervise an unnamed “IT Provider.”  The IT Provider inadvertently introduced a vulnerability to the merchant’s network, exposing private customer records and sensitive information, including personally identifiable information.  An unnamed “Third Party” detected the vulnerability and accessed nearly 100,000 files containing sensitive information.  The Third Party eventually contacted the merchant and federal authorities to disclose vulnerability, and deleted the data.  It appears that the data was not otherwise improperly accessed.

Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog.