Continuing its renewed enforcement of the Child Online Privacy Protection Act (“COPPA”), the Federal Trade Commission (“FTC”) has reached a $170 million settlement with Google and YouTube for COPPA violations, surpassing the then-record $5.5 million settlement the FTC reached with Tik Tok less than 6 months ago.
In a recent lawsuit filed this month in the United States District Court for the Southern District of New York, Delta Airlines brought suit against its website chat services provider, 7, stemming from a 2017 data breach suffered by 7 that affected approximately 800,000 of Delta’s customers. Specifically, Delta alleges in its complaint that an attacker gained access to 7’s networks and modified the source code of its chat services so that the attacker could “scrape” payment card information from customers as they used the chat feature available on Delta’s website.
Large business data breaches - like the one affecting 100 million Capital One credit card customers and applicants - remain commonplace, so much so that they are becoming accepted as the new normal in today’s climate of consumer dealings. They shouldn’t be.
Following up on our post from June 7, Governor Cuomo has now signed the SHIELD Act into law. New section 899-bb of the General Business Law, which creates substantive security obligations for all persons or businesses that own or license the defined “private information” of New Yorkers, goes into effect in 240 days, with the rest of the law taking effect within 90 days.
The Department of Defense (“DoD”) recently announced that a new cybersecurity standard and certification program for defense contractors, the Cybersecurity Capability Model Certification program (“CCMC”), is currently under development and nearly ready for deployment.