Articles Posted in Cybersecurity

Published on: | by

On May 26, 2015, the Internal Revenue Service (“IRS”) announced that criminals illegally accessed data to retrieve the past tax returns of approximately 100,000 individuals through the IRS website. The criminals managed to use social security numbers, birth dates, street addresses, and “out of wallet” data (e.g., person’s first car, high school mascot.)

How was the personal information accessed?

During the months of February to May, attackers attempted to get access to tax information over 200,000 times through the IRS “Get Transcript” online application, which allows for viewing information from previous returns. The criminals managed to go through many steps of an authentication process to view these previous returns, exploiting data from breaches in the past. Recent breaches of companies like Target, Home Depot, JP Morgan Chase, Sony, and Anthem have allowed for personal information to be easily accessible to hackers. In addition, it is possible for identity thieves to get basic answers to security questions from individuals’ social media accounts and search databases. The IRS proceeded to send $50 million in refunds before detecting the criminal activity.

Continue Reading ›

Published on: | by

The recent cyberattack on Anthem, Inc., one of the largest health insurance companies in the United States, illustrates the persistence and severity of the risk of data breaches. On February 4, 2015, Anthem confirmed that one of its databases had been hacked. The data breach exposed personal information of approximately 80 million Anthem customers and employees—including names, birthdays, member health ID and Social Security numbers, street addresses, telephone numbers, e-mail addresses, and employment information—potentially the most damaging cyberattack to date on a health insurer.

Noting a pattern of medical data thefts from health insurers by foreign intelligence organizations, the FBI concluded that the attack was likely the work of Chinese hackers attempting to gain access to the networks of defense contractors and government workers. Moreover, while hackers have targeted healthcare providers, similar attacks on companies like Target, Sony, JP Morgan Chase, and Home Depot, signify the risk to all types of businesses.

One obvious implication for businesses that fall victim to these attacks—beyond negative press—is the exposure to liability for the resulting invasion on individuals’ privacy. For instance, individuals have already begun filing class action lawsuits for this particular breach, asserting that Anthem should be held responsible given its inadequate security measures—namely, its failure to employ encryption to prevent unauthorized access to their personal information.

Continue Reading ›

Published on: | by

Online banking is an electronic payment system that enables customers of a financial institution to conduct financial transactions on the web.   In today’s high-tech world, online banking fraud is committed on a daily basis.  As such, sometimes customers may not be liable for certain unauthorized online transactions, subject to the terms and conditions of the bank’s service agreement.  Online banking fraud is to defraud a financial institution or obtain money or other property under the custody of a financial institution by false pretenses.  A related issue includes financial identity theft.   So, financial institutions use encryption technology (e.g., secure socket layer – a/k/a “SSL”) to prevent unauthorized access to data.

In general, the customer must notify bank within 60 days after receiving a periodic statement pursuant to 15 U.SC. § 1693f.  Under 15 U.S.C. § 1693g(b), the burden of proof of consumer liability is on the bank.  So, in order to establish a customer’s liability, the bank must prove the transfer was authorized.  In case of a violation, the bank may be subject to civil liability under 15 U.S.C. § 1693m.

What Are the Common Methods Used to Defraud Customers?

Continue Reading ›

Published on: | by

In recent times, e-residencies (a/k/a “electronic residency”) have become a trend in some European societies. For example, the Republic of Estonia implemented this concept into its banking systems in order to permit people to manage their funds in an electronic environment. According to the Information System Authority, in 2001, the first nation-wide ID-card was introduced as the primary identity document for Estonian citizens both in the real and digital world. It is possible to attach a digital signature to the ID-card that constitutes a handwritten signature.

The Republic of Estonia is operating on the cutting-edge of technology. It has created an electronic state (“e-State”) where almost all transactions are completed by using technology. For example, Estonians developed Skype. The government permits its citizens to start a business online, pay taxes online, administer schools online, and pay their car park fees by mobile phone. It seems that their logistics transcend most societies. However, their achievements have not been without problems. In 2007, a cyberattack took place against its government’s websites and data communication networks.

What are the legal ramifications?

Continue Reading ›

Published on: | by

In recent years, much of consumer retail consumption has transitioned to the online marketplace. So, many of us engage in e-commerce, especially when shopping for the upcoming holiday season. While e-commerce is convenient and easy, consumers are becoming more aware of the risks posed by hackers that commit online fraud. Merchants who administer websites for online shopping must take measures to assure that their sites are protected from online hackers and fraud. Online merchants may be held liable for online fraud if the proper steps are not taken to prevent it. Are you an online merchant? Are you worried about protecting the sensitive information of your customers? If so, then you must take certain steps to prevent fraud and unauthorized access (i.e., hacking).

How Does Online Fraud Occur?

Online fraud is fraud that is committed using the Internet. This type of fraud typically comes in two forms: (i) financial fraud; and (ii) identity theft. Financial fraud often occurs when a hacker collects a consumer’s financial information to steal money.  Identity theft usually occurs when a hacker collects a consumer’s information, and then uses it to open bank, mortgage, or credit card accounts. Many times the two types of fraud happen concurrently. Hackers often target e-commerce websites because consumers are constantly offering their credit card and personal information through these websites. Online merchants must take precautions to prevent hacking that leads to this kind of fraud.

Continue Reading ›

Published on: | by

The purchase of commercial general liability and umbrella insurance policies are ways to protect your business from liability. However, these types of policies have not adapted to protect policyholders from certain types of cyber liability.  This issue was recently exposed in a case against Urban Outfitters, Inc., and its subsidiary, Anthropologie, Inc. (collectively “Urban Outfitters”). Urban Outfitters found itself with no suitable insurance coverage when facing several lawsuits for privacy infringement that resulted from credit card transactions. Many businesses collect customer data and infringements of customer privacy may not be covered by traditional insurance policies. Do you run a business that collects consumer data? Are you unsure how far your insurance coverage extends in protecting against consumer data breaches? If so, then you may contact us to speak to an attorney about whether you should obtain cyber liability insurance.

What Was the Issue in the Urban Outfitters Case?

In OneBeacon America Insurance Company v. Urban Outfitters, et al., Urban Outfitters was sued in three different states for consumer privacy breaches. Urban Outfitters was sued because of its practice of collecting consumer zip code information when processing credit card transactions. This practice violated multiple consumer privacy laws. Urban Outfitters then looked to its insurance company to defend the multiple lawsuits. However, the insurance company claimed that its general liability policy did not cover that kind of privacy breach. The federal court in Pennsylvania agreed, and held that the insurance company was not obligated to defend Urban Outfitters in any of the lawsuits. The general liability policy only covered “oral or written publication of material that violates a person’s right of privacy,” and even though Urban Outfitters violated consumer privacy, it never published that material.

Continue Reading ›

Published on: | by

Peer-to-peer networks have provided an invaluable service that allows users to share information and data around the world. These networks became popular for media sharing, culminating in the infamous Napster scandal. Many are aware of the copyright issues that arise with the use of peer-to-peer media sharing. However, there are other cyber-crime issues that users may expose themselves to when using these networks. Peer-to-peer networks may be used in a variety of legal ways, but users must protect themselves from cyber crime prevalent over these networks. Are you developing or using a peer-to-peer network? If so, then you should be aware of the cyber crimes that you may be exposed to or unintentionally committing.

What is a Peer-to-Peer Network?

A peer-to-peer network is created when two or more computers connect and share resources without going through a separate server.  Typically, peer-to-peer networks are accessed through free software that allows the user to find and download files on another user’s computer.  The traditional computer network uses a client and server model, in which the client computers store and access data on a dedicated server. Peer-to-peer networks move away from the dedicated server. So, each computer is a client and a server. This empowers each user to access and share information directly instead of through a central hub. These networks also provide users with more control. Users can decide to which computers to connect, what files to share, and how many system resources to devote to the network.  Users have many controls over a peer-to-peer network.  However, the average user may expose himself to committing and being the victim of cyber crimes if he does not know how to control the network settings.

Continue Reading ›

Published on: | by

In the past, to start a business you had to find a location, rent space, and open your doors to the public. Today, many entrepreneurs can do it all online by advertising, communicating with customers, and managing transactions using the web. Many entrepreneurs are interested in starting a new business with a strong online presence. There are several steps that one must take to start a business, plus additional considerations to comply with online business laws. Are you ready to create an online business? Are you unsure which laws you need to be aware of for your e-commerce website?  If so, then you need to know the process to start a business and the additional issues that apply to e-commerce.

How Do I Start An Online Business?

The Small Business Administration recommends a ten-step process to start a new business.  First, write a business plan.  This is your general outline as to the identity of your new company and the structure you are going to build to execute your plan.  Second, get the proper assistance and training. No one knows everything and connecting with mentors and experts can help you get off on the right foot.  Third, choose your location. If your company is 100% online, you still need to determine the types of customers you plan on attracting and to what areas you plan on making deliveries.  Fourth, finance your business. Whether you choose traditional financing from a commercial bank or more creative methods (e.g., crowdfunding), make sure to do your research and figure out what works for your company.  Fifth, determine the legal structure of your business. There are many types of entities you can create (e.g., LLC or Corporation). Each entity creates different levels of liability and tax obligations.  Sixth, register your business name with the proper state agency (e.g., Secretary of State).  Seventh, get a tax identification number (a/k/a EIN) by registering with the Internal Revenue Service.  Eighth, register with state and local tax agencies (e.g., Franchise Tax Board, a/k/a FTB). In general, each state has its own tax laws, so make sure you know the obligations within your state.  Ninth, obtain business licenses and permits.  You should keep in mind that state and federal agencies may require different licenses and permits. Finally, you may need to hire employees or independent contractors.

Continue Reading ›

Published on: | by

Today, most companies are dependent on technology and their computer systems, and there are entities whose primary focus is to hack into these systems. On the other hand, a company might experience an internal breach of its network system, which causes the unauthorized release of sensitive information. Any breach into or out of these systems could be catastrophic. The computer network for a company may contain important data, intellectual property, and consumer information. All industries are susceptible to a data breach. To help protect against these risks, companies must insure themselves with the correct policy. Traditional insurance policies may not be enough to cover all the risks. In recent years, insurance companies have begun to issue specific cybersecurity policies. What kinds of claims are covered under these cybersecurity insurance policies? How can an insurance company ensure that it is mitigating its own risks in underwriting a cyber policy? If you are concerned with these questions, then the effectiveness and scope of these cybersecurity policies is relevant to your company.

What Is Cybersecurity Insurance?

Cybersecurity insurance is an insurance policy that helps mitigate the risks posed by incidents such as “data breaches, business interruptions, and network damages.” The market for this kind of policy is still in development, and insurance companies and consumers are unsure how far reaching the policy protections are. Department of Homeland Security has stated that a more developed cybersecurity insurance market would lead to fewer successful cyber attacks—i.e., by implementing preventive measures in conjunction with policies and lowering premium prices based on the level self-protection. There are steps that companies and individuals can take to reduce their risk level to a cyber attack, and these steps may actually help prevent attacks. Preventive measures can at least lower the risk an insurance company must take in underwriting a cyber policy.

Continue Reading ›

Published on: | by

The smartphone has brought a world of possibility to the average consumer’s fingertips. Now, this has come to include mobile banking. With fast-paced lifestyles and long lines at the banks, mobile banking has emerged as a thrilling convenience. However, this convenience brings cybersecurity concerns. Therefore, consumers who have turned to mobile banking for their financial needs must protect their financial privacy from cybersecurity breaches.

What Is Mobile Banking?

Mobile banking allows customers to access their financial institutions and conduct transactions through their mobile devices. Initially, this began with SMS Banking, which allowed customers to conduct various financial transactions by sending and accepting SMS messages or “texts.” In its most basic form, mobile banking allows customers to access their bank accounts and check on financial transactions. However, as the systems have progressed, customers can now make bill payments, transfer funds, and monitor deposits. Indeed, customers can now manage their investment portfolios and rearrange their investments through a smartphone or tablet. This has certainly increased everyday conveniences. However, it has also contributed to the speed with which finances can shift. Although, customers can review and monitor their accounts faster and more regularly, this also means greater security threats for the underlying financial information. This expansive access may lead to greater unauthorized breaches.

Continue Reading ›