ariel seidner – Duane Morris TechLaw

October 10, 2024October 10, 2024 by Michelle Hon Donovan

New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises

The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.

According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.

DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:

implement secure controls for password changing and MFA device configurations;
exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
remain vigilant when receiving requests from individuals and vendors regarding system access.

DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:

Distinctions between common methods of social engineering employed by threat actors
Common indicators of malicious activity disguised as a legitimate communication
Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
Guidance and resources on handling a cybersecurity compromise

In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.

For More Information

If you have any questions about this blog post, please contact Michelle Hon Donovan, Ariel Seidner, Milagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.

August 12, 2024 by Duane Morris

Changes to Illinois Biometric Data Law Lower Liability, but the Stakes Remain High

In recent years, a heavy question mark has weighed on companies that process biometric information as part of their standard operating procedures: What is our risk exposure? On August 2, 2024, Illinois Governor J.B. Pritzker signed into law a bill passed by the Illinois Legislature in May to amend BIPA in a way that is expected to limit the risk exposure associated with violations. The amended text of BIPA now indicates that violations essentially occur on a per-person basis, not a per-scan basis. This is expected to yield a marked decrease in the number of violations for which a company may be liable, though penalties of up to $5,000 may still add up quickly where thousands of individuals or more are implicated. Read the full Alert on the Duane Morris website.

July 10, 2024 by Duane Morris

The Age of Artificial Intelligence and Commercial Transactions

The pervasiveness of artificial intelligence (AI) is transforming the commercial transactions landscape. Providers across industries are looking to utilize third-party AI tools, or utilize customer data to train AI models, in connection with providing services or implementing use cases proposed by their customers to create efficiencies and cost savings. The intellectual property (IP) stakes are heightened, and parties on either side of a transaction will need to carefully leverage agreements to maintain IP rights in their own data, secure IP rights in resulting products, and protect themselves against claims of infringement.

Read the full Landslide article by Duane Morris’ Ariel Seidner. (ABA membership required.)

June 26, 2024 by Duane Morris

Colorado Privacy Act’s Universal Opt-Out Provision Goes Into Effect July 1, 2024

While the Colorado Privacy Act (CPA) has already been in effect, as of July 1, 2024, companies that meet the threshold compliance criteria for CPA and that engage in the processing of personal data for purposes of targeted advertising or the sale of personal data (“covered entities”) must implement a universal opt-out mechanism, which allows users to more easily exercise their opt-out rights with these covered entities. Specifically, a universal opt-out mechanism allows a user to configure their internet browser settings, and as a result, the websites the user visits from that browser automatically receive the user’s opt-out signal. As of July 1, 2024, covered entities must recognize and honor a user’s opt-out preferences where communicated through a universal opt-out mechanism.

Read the full Alert on the Duane Morris LLP website.

November 28, 2023 by Duane Morris

Benefits and Risks of AI in California’s Generative AI Report

Following Governor Newsom’s September 2023 Executive Order on Artificial Intelligence, the California’s state administration released a report analyzing the potential benefits and risks surrounding the use of Generative Artificial Intelligence (“GenAI”) within the state government (“Report”). This is the first of many steps called for under the Executive Order.

To read the full text of this post by Milagros Astesiano and Ariel Seidner, ,please visit the Duane Morris Artificial Intelligence Blog.

November 17, 2023November 16, 2023 by Duane Morris

Webinar Replay: Strategic Contracting to Reduce Risk in AI

A webinar replay of the Get Smart with AI webinar series session Strategic Contracting to Reduce Risk is now available.

November 1, 2023November 16, 2023 by Duane Morris

Webinar: Strategic Contracting to Reduce Risk in AI

Duane Morris will present the next session in the Get Smart with AI webinar series, Strategic Contracting to Reduce Risk, a Zoom webinar on risk mitigation strategies for AI use in business, on Wednesday, November 15, 2023, from 3:00 p.m. to 4:00 p.m. Eastern time.

For more information and to register, visit the Duane Morris website.

September 5, 2023 by Duane Morris