LATEST POST
Florida Bar Urges Law Firms to Adopt Incident Response Plans: A Call to Action for Legal Professionals
From Jackson Lewis: In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to better prepare for and respond to data security incidents. The recommendation reflects a growing recognition across professional service industries—particularly law […]
$6.5M Navvis, SSM Health ransomware data breach class action settlement
Top Class Actions reports: Navvis and SSM Health have agreed to a $6.5 million class action lawsuit settlement to resolve claims that they failed to prevent a 2023 data breach that compromised sensitive patient information. The SSM Health settlement benefits anyone whose private information was compromised in the Navvis and SSM Health data breach between […]
Beware, hackers can apparently now send phishing emails from “no-reply@google.com”
TechRadar reports: Researchers have discovered a clever and elaborate phishing scheme that abused Google’s services to trick people into giving away their credentials for the platform. Lead developer of the Ethereum Name Service, Nick Johnson, recently received an email that seemed to have come from no-reply@google.com. The email said that law enforcement subpoenaed Google for content found in […]
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
Forbes reports: Now, a new threat intelligence report has revealed how financially motivated Chinese cybercriminals are targeting government offices, the energy sector, factories, financial services, and, yes, hospitals across the globe. However, North America and the U.K. have been most attacked by the Ghost ransomware hackers. According to a new report from Rebecca Harpur at […]
State-sponsored hackers embrace ClickFix social engineering tactic
Bleeping Computer reports: ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown […]
Breaches Within Breaches: Contractual Obligations After a Security Incident
It is important to review any contract with a vendor or business associate in terms of who will be responsible for notifying affected customers or patients of any breach. A post by Robinson + Cole discusses a lawsuit stemming from a dispute over the responsibility of a business associate following a breach. According to the […]
100,000 Americans Exposed As Hertz Warns Customers’ Names, Contact Details, Credit Card Information, Social Security Numbers Leaked in Vendor’s Data Breach
The Daily Hodl reports: A car rental giant says sensitive customer data has been exposed in a cybersecurity incident involving one of its vendors. In a notice posted on its website, Hertz says that its vendor, Cleo Communications US, witnessed a zero-day vulnerability exploit late last year that enabled thieves to siphon customer data. Notifications on various […]
The PIPC Sanctions CLASSU and KT alpha for Violations of the PIPA
South Korea’s data protection regulator issued the following press release concerning recent enforcement actions (unofficial translation follows): – The PIPC calls for putting access control and other privacy-safeguarding measures in place in preparation for credential stuffing and other intrusion attempts The Personal Information Protection Commission (PIPC) held its eighth plenary meeting of 2025 and reached […]