SEC Announces 2nd Round of Cyber Exams; Judge Certifies Target Class Action; DHS Cybersecurity Improvements Needed; DoD Official Calls for Culture Change; Obama to Raise Cyber Concerns with Chinese President
SEC Announces 2nd Round of Cybersecurity Exams
The Securities and Exchange Commission (SEC) issued a Risk Alert indicating that it would begin a second round of cybersecurity-related exams to identify cybersecurity risks and assess cybersecurity preparedness among advisors and dealer-brokers. The exams are intended to address concerns regarding the integrity of the market system and customer data protection in light of recent breaches and continuing threats against the financial industry. For key takeaways on the exams, see our recent alert The SEC conducted its first round of cybersecurity exams after issuing a Risk Alert last April, and firms failing to adopt required cybersecurity policies and procedures potentially face investigation and charges following examination.
Judge Certifies Banks’ Class Action Over Target Breach
A Minnesota federal judge certified a class action brought by financial institutions that issued cards compromised in Target Corp’s massive data breach in 2013. In doing so, the judge rejected a number of arguments raised by Target, including that the banks’ injuries (like those of consumers in prior cases) were speculative even though the banks involved had reissued nearly all cards affected by the breach and had incurred the costs of doing so. Target previously agreed to a settlement with institutions that issue Visa cards that could be worth as much as $67 million, but a proposed $19 million settlement with MasterCard fell through when not enough banks accepted the agreement.