Credential stuffing has quickly become one of the top attack vectors online, according to the Office of New York State Attorney General Letitia James (OAG). On January 6, 2022, the OAG announced the result of a sweeping investigation that discovered that 1.1 million online accounts had been compromised through credential stuffing accounts at 17 well-known

Federal law generally prohibits internet service providers (ISPs), i.e., “cable operators,” from disclosing personally identifiable information concerning a subscriber without the prior written or electronic consent of the subscriber. Moreover, under the law, ISPs must “take such actions as are necessary” to prevent unauthorized access to a subscriber’s personally identifiable information by a person other

Alan Rutkin authored, “As Cybercrimes Continue, Lawsuits for Damages Will Grow,” for the December 2021 issue of Best’s Review. The article explores the challenges to insurers posed by the ever-evolving world of cyber liability:

1. The threats are growing.
2. Underwriters are trying to assess where the biggest threats exist.
3. Coverage litigation is still relatively new.

Many New York-based businesses with websites, as well as bloggers, vloggers, and other New Yorkers with an online presence, may justifiably feel a bit more immune to lawsuits under the Americans with Disabilities Act (ADA) given the recent decision by the U.S. District Court for the Eastern District of New York in Winegard v. Newsday

On August 31, 2021, the FBI and CISA (Cybersecurity and Infrastructure Security Agency) issued Alert AA21-243A, warning that there is an increased risk to U.S. entities of an “impactful ransomware attack” over Labor Day Weekend. A summary of the risk and suggested steps to address it can be found at https://us-cert.cisa.gov/ncas/current-activity/2021/08/31/fbi-cisa-advisory-ransomware-awareness-holidays-and-weekends. The Alert can be

Social media has played an oversized role in lawsuits under state and local biometric privacy laws, including especially the Illinois Biometric Information Privacy Act (BIPA). See, e.g., Thornley v. Clearview AI, Inc., 984 F.3d 1241 (7th Cir. 2021) (plaintiffs alleged that defendant used a proprietary algorithm to “scrape” pictures from social media sites such as

Alan Rutkin authored the Best’s Review article,  “Cyber Threats: Get Ready and Get Tough.”

In the article, Rutkin discusses the steady increase of cyber incidents and how insurers should prepare for future attacks.

“Cybercrimes, along with the related coverage issues, are among the biggest challenges now facing insurers,” Rutkin says.

A wide range of federal and state authorities are involved in the regulation of emerging technologies in one way or another. Numerous agencies as well as the U.S. Department of Justice lead the national effort, while the Department of Financial Services, the attorney general, and local prosecutors are the principal parties in New York State.

For much of the past few years, Section 230 of the Communications Decency Act of 1996 (CDA) has been in the news. Section 230 generally immunizes providers of interactive computer services (such as internet service providers or ISPs, social media companies, and website hosting entities, among others) from liability in connection with third party

Sometimes a comprehensive overview is needed to recognize that individual anomalous conduct is indicative of a criminal scheme.

Recently, the Department of Financial Services (DFS) looked at an unusual pattern of interaction with multiple insurance websites and concluded that cybercriminals were exploiting data obtained from those website interactions to commit benefit fraud. Website operators of