During the last week of December 2015, several New Jersey firms were the victims of non-trivial data breaches. While three involved real estate closings and the rest involved commercial transactions, all resulted in funds being wired to an Internet hacker. Each firm was a victim of “man-in-the-middle” attacks, whereby a hacker first acquires access to a firm’s server, then, using said access, the hacker redirects all e-mails associated with the firm’s server to a hacker’s server and subsequently changes payment information and other information in those e-mails to defraud the firm and others working with the firm.
While the Fair Credit Reporting Act and other federal laws encourage the implementation of policies, programs and procedures to keep data safe by requiring entities to maintain reasonable procedures designed to avoid the disclosure of information, not all entities are covered, and the obligations impose on covered entities is not specific. Even covered entities may not be required to protect themselves from man-in-the-middle attacks, because typically regulations implementing these obligations primarily detail disposal obligations, such as implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing information so that the information cannot practicably be read or reconstructed. 16 C.F.R. §682.3(b)(2).
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]