Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Data Integrity and Incident Response

By Benjamin Dynkin, Barry Dynkin and E.J. Hilbert
December 01, 2017

Imagine the following: Cyber criminals attack a credit reporting agency, compromising 143 million American records — one of the largest data breaches on record. While the attack is incredibly impactful, these cyber criminals, looking to cripple the financial sector, use the data breach as a smoke screen to surreptitiously attack the credit reporting agency's data collection, analysis and reporting systems, which in totality ensure that no data produced by the reporting agency can be relied upon. Once discovered, the attack on the integrity of the agency's data causes all credit data to be rendered useless, utterly devastating the entire financial market and causing widespread distrust of financial institutions across the world.

While this may seem like a contrived example pulled from the pages of a Mr. Robot script, it is certainly a possibility that could have happened in the now infamous Equifax data breach, which was first disclosed on Sept. 7, 2017. The skill required to successfully exfiltrate 143 million records is certainly sufficient to successfully attack the integrity of that very same data. It is generally accepted that cyber criminals have not performed integrity attacks because there is a minimal profit motive: Records have a black-market value; in integrity attacks, there is no deliverable that can be sold.

This paradigm may be shifting. There are two key pressures causing this shift. First, as criminals become more sophisticated financial actors, they will be able to take significant, leveraged, short positions on a variety of securities, which they know would crash on news breaking about the attack. In addition to this form of sophistication, cyber criminals are also learning and developing business strategies for black-market goods.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Legal Possession: What Does It Mean? Image

Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.

The Anti-Assignment Override Provisions Image

UCC Sections 9406(d) and 9408(a) are one of the most powerful, yet least understood, sections of the Uniform Commercial Code. On their face, they appear to override anti-assignment provisions in agreements that would limit the grant of a security interest. But do these sections really work?