fbpx

Steady Counsel


The threat posed to organizations of all types and sizes from data breaches and other cybersecurity events is unprecedented and, by all accounts, only set to increase. Whether the threat emanates from a for-profit hacking group engaged in ransomware activity or a nation-state actor seeking valuable intelligence, the threat vectors come from practically all sides. The reality is that “it is a question of when, not if,” a particular company or other organization will experience an incident. From smaller breaches to ones of great proportions, such as AT&T’s data breach that resulted in “nearly all” customers’ data being disclosed.

Once hit with a data breach or cybersecurity event, the fallout to a business can be immense, not only in terms of regulatory and legal expenses but also reputationally. The legal dynamics of data breach compliance are complex and overwhelming due to the need to comply with patchwork breach notification regimes on the state level (such as the CCPA as amended by the CPRA), federal level (such as HIPAA), and international regulatory authorities (such as the GDPR). Though the legal frameworks are criticized, failure to comply with relevant legal obligations in the event of an incident or data breach can result in hefty fines. Further, strategically protecting the organization, including the attorney-client privilege, is critical. For example, maintaining the confidentiality of subject matter experts’ analysis of security posture pre-breach and the extent of the incident can be pivotal in limiting the cost of a cyber incident, including as it relates to post-breach private action

At RICHT, we focus on helping clients navigate the confusing web of laws that come into play in a data breach or cyber event, stressing mitigation and protecting client interests. Specifically, our services include pre-planning such as tabletop exercises (TTXs) and counseling clients in real-time experiencing a breach with technical experts under our RICHT&Co. offering. 


Our Data Breach & Incident Response Services


 Preparedness & Prevention

Ransomware & Cyber Extortion

 Incident Response Plans

 Regulatory Investigations

 Vendor Risk

 Breach Notification Compliance

 Cyber Insurance Review


Key Data Breach Stats Of Note



Find Out About How We Can Help You With Navigating Data Breaches & Incident Response



    Data Breach & Incident Response News


     

    BakerHostetler

    2024 Data Security Incident Response Report

    BakerHostetler released its 2024 Data Security Incident Response Report which provides an overview, insights, and metrics from the security incidents the firm managed in the prior year (more than 1,150 incidents in 2023).

    Data Breaches
    Incident Response
    Privacy Law
    The Record

    NY College Forced To Invest $3.5 Million In Cybersecurity After Breach Affecting 200,000

    New York state’s attorney general is forcing a college to invest $3.5 million into cybersecurity after a 2021 data breach leaked troves of sensitive information about almost 200,000 people.

    Data Breaches
    Incident Response
    Privacy Law
    DataGuidance

    2023 DATA SECURITY INCIDENT RESPONSE REPORT

    Now in its ninth year, the Data Security Incident Response Report features statistics and insights from 1,160+ incidents.

    Data Breaches
    Incident Response
    Privacy Law
    DataGuidance

    Norway's Datatilsynet fines Argon Medical Devices NOK 2.5M for data breach notification delay

    The Norwegian data protection authority (‘Datatilsynet’) announced, on 16 March 2023, its decision No. 21/03126-13, as issued on 8 March 2023, in which it imposed a fine of NOK 2.5 million (approx. €220,292) on Argon Medical Devices, Inc., for violation of Article 33(1) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), following a data breach.

    Data Breaches
    Incident Response
    Privacy Law
    The New York Times

    Former Uber Security Chief Found Guilty of Hiding Hack From Authorities

    Joe Sullivan, the former Uber security chief, was found guilty on Wednesday by a jury in federal court on charges that he did not disclose a breach of customer and driver records to government regulators.

    Data Breaches
    Incident Response
    Privacy Law
    Reuters

    CafePress owners settle with FTC over data breach 'cover up'

    The U.S. Federal Trade Commission said Tuesday it has taken action against CafePress over security lapses leading to a 2019 data breach, entering into proposed settlements with the online merchandise platform’s current and former owners.

    Data Breaches
    Privacy Law
    The New York Times

    Supreme Court Limits Article III Standing in Data Privacy Litigation

    In a 5-to-4 decision, the court said only people who had suffered “concrete harm”… had the right to sue.

    Data Breaches
    Privacy Law

    Privacy & Cybersecurity Practice Insights