This post was authored by Devin Chwastyk and Frank Lavery, II.  Devin is the Chair of the Privacy & Data Security group at McNees.  Frank is a Law Clerk with McNees.  Frank is currently a student at the University of Notre Dame Law School and expects to earn his J.D. in May of 2022.

On June 3, 2021, the U.S. Supreme Court issued an important opinion in Van Buren v. United States, which provided important clarification of the scope of the Computer Fraud and Abuse Act (CFAA).  The CFAA bars unauthorized access, or access that exceeds authorization, to any computer “used in or affecting interstate or foreign commerce or communication.”  As the Supreme Court aptly explains, this extends protection—at a minimum—to all information from computers that connect to the internet.  Thus, the implications of the CFAA are far reaching. The decision in Van Buren explored what constitutes “unauthorized access” and “access that exceeds authorization.”
Continue Reading U.S. Supreme Court Emphasizes Need to Couple IT Safeguards with Written Policies to Safeguard Confidential Data

On May 7, 2019, the City of Baltimore discovered that its integral systems were the subject of a ransomware attack, breaching the City’s phone systems, emails, documents and critical operational databases, affecting roughly 10,000 City computers. The City notified the F.B.I. and took offline as many other systems as possible to prevent the spread of the cyberattack, but not before the malicious software locked and encrypted many of the City’s systems. The hackers responsible for the attack demanded thirteen bitcoins (approximately $100,000), as ransom, to release the City’s inaccessible databases and operational tools. In a move intended to disincentive future attacks, Baltimore rejected hackers’ demands and did not pay the ransom.
Continue Reading Ransomware Attacks Targeting Cities and Municipalities

On March 22, 2018, a cyberattack hit the City of Atlanta.  A ransomware program infected the City’s computer systems.  That malware encrypted the city’s files, and officials believe it may also have provided unauthorized access to the City’s data to a group of hackers (although, the City says it has not yet “seen any evidence that personal information has been misused as a result”).  The hackers demanded a ransom payment of six bitcoin (valued at approximately $50,000).
Continue Reading Atlanta Cyberattack Shows Importance of Cybersecurity for Municipalities

I recently published in The Legal Intelligencer a timely article on cybersecurity threats to local governments. The failure of local governments to adequately address data security is causing huge costs to taxpayers and exposing municipalities to significant legal risks.

While private companies have become increasingly attentive to the risks of data breaches, attention to information