The FTC’s recent settlement with an online tax preparation service for violations of the Safeguards Rule demonstrates the agency’s willingness to pursue companies that have fallen victim to hackers, according to some practitioners. Everyone, including hackers, knows that customers tend to use the same usernames and passwords for multiple online accounts. It turns out that entities subject to the Privacy and Safeguards Rules of the Gramm-Leach-Bliley Act need to take measures to protect their own customers whose information just might have been accessed inappropriately elsewhere. With input from Debevoise partner Jeremy Feigelson, the Cybersecurity Law Report takes a close look at the TaxSlayer settlement and what it means for financial institutions of all sizes. See also “SEC Officials Flesh Out Cybersecurity Enforcement and Examination Priorities (Part One of Two)” (May 3, 2017); Part Two (May 17, 2017).