Samuel Rasmussen

The Justice Department’s $3 billion settlement with TD Bank may have closed one chapter in a decade-long money-laundering saga, but Sen. Elizabeth Warren is far from satisfied with how the story ends. In a fiery letter to Attorney General Merrick Garland, Warren pulled no punches, calling the DOJ’s handling of the case a form of “absurd legal gymnastics” that shields TD’s top executives from facing the music. Her frustration underscores a growing concern in Washington: are these settlements really justice, or just another line item in the cost of doing business?

The February cyberattack on Change Healthcare, now confirmed to have affected a staggering 100 million individuals, is more than a historic breach—it’s a wake-up call for the entire healthcare sector. The U.S. Department of Health and Human Services recently confirmed the scale of this incident, making it one of the most significant exposures of personal health data in U.S. history. The breach shines a harsh light on cybersecurity fundamentals, particularly the overlooked areas of access management, incident response, and third-party risk oversight.

On October 3, 2024, American Water, the largest regulated water and wastewater utility in the U.S., fell victim to a cybersecurity breach that has since drawn attention to the broader risks facing critical infrastructure sectors. Serving over 14 million individuals across 14 states, American Water’s systems were infiltrated, forcing the company to disconnect key services and pause customer billing as part of their containment strategy.

In an unprecedented enforcement action that marks a watershed moment in compliance and regulatory enforcement, TD Bank has pleaded guilty to multiple felonies and agreed to pay $1.8 billion in criminal penalties, with total penalties reaching approximately $3 billion when combined with civil enforcement actions. The resolution represents not only the largest penalty ever imposed under the Bank Secrecy Act but also introduces a novel enforcement approach: the first-ever daily fine against a bank for persistent compliance failures.

The Department of Justice's Criminal Division unveiled today a sweeping new framework for addressing cybercrime and artificial intelligence-enabled criminal activities, signaling a major evolution in the federal government's approach to technology-enabled threats. Principal Deputy Assistant Attorney General Nicole M. Argentieri, speaking at the Computer Crime and Intellectual Property Section's Symposium hosted by the Center for Strategic and International Studies in Washington, DC, detailed the division's ambitious strategy to combat increasingly sophisticated digital threats while safeguarding civil liberties and promoting responsible innovation.

AT&T has agreed to pay a $13 million fine after the Federal Communications Commission (FCC) found the telecommunications giant had improperly shared customer billing information with a vendor to create personalized videos. The company also allegedly failed to ensure that this data was destroyed when no longer needed, which ultimately led to a security breach.

Chinese authorities have imposed severe penalties on PricewaterhouseCoopers (PwC) for its role in auditing the collapsed property developer Evergrande. The punishment, including a six-month ban and fines exceeding 400 million yuan ($56.4 million), marks the heaviest sanctions yet for international accounting firms operating in China.