On September 26, 2018, two separate government authorities each announced settlements in connection with significant cybersecurity enforcement actions.
First, the attorney generals of all 50 states and the District of Columbia announced a record-breaking $148 million settlement with Uber Technologies Inc. over Uber’s alleged failure to disclose a massive data breach in 2016. Second, the U.S. Securities and Exchange Commission announced that it had reached a smaller, but still significant, $1 million settlement with Voya Financial Advisors Inc. over the adequacy of VFA’s cybersecurity measures in connection with a 2016 data breach, representing the SEC’s first enforcement action brought under the Identity Theft Red Flags Rule.
Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog.