Litigation and legal developments concerning data breaches.
Comply or risk class-action litigation? IAPP explains: Last year, the California Privacy Protection Agency adopted a major new rule requiring certain businesses to conduct an annual cybersecurity audit. The rule went into effect 1 Jan. 2026. This pioneering requirement, the first of its kind among state data privacy laws of general applicability, may entail substantial compliance efforts […]
The Daily Hodl reports: A bank in the US is settling with customers affected by a cybersecurity breach that exposed sensitive personal information. According to new class action documents, Cadence Bank – a regional bank headquartered in the South – has agreed to a $5.25 million settlement over a data breach tied to vulnerabilities in the […]
Axios reports: Read more at Axios.
WPIX reports: A luxury fashion company that sells clothing, accessories and cosmetics has agreed to a class action settlement to resolve claims following a 2025 data breach that compromised customer information. The settlement benefits customers who received a notice from Christian Dior stating that their personal information may have been compromised in a data breach in Jan. […]
The Wall Street Journal reports: President Trump signed an executive order Friday directing diplomatic, law enforcement and national security agencies to dismantle cybercriminal outfits. The order frames cybercrime groups, including Southeast Asian romance-scam farms and ransomware gangs, as transnational criminal organizations. It directs the Attorney General to give priority to prosecutions of cyber-enabled fraud and compels the […]
The Department of Justice announced yesterday the seizure of the LeakBase database, one of the world’s largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. According to an affidavit unsealed on March 3, the LeakBase forum had over 142,000 members and more than 215,000 messages between members. Available on the […]
From the Hunton Insurance Recovery Blog: In the rarely litigated space of cyber insurance, the Northern District of Texas issued a win for cyber policyholders this week, offering a clear reminder to insurers that if they want to restrict coverage, they must draft the policy to clearly do so. In CiCi Enterprises, LP v. HSB Specialty […]
If a bill introduced in the Connecticut Senate ever becomes law, there will be new requirements for entities whose breaches affect more than 100,000 Connecticut residents. As attorneys from Ballard & Spahr explain: Read more at JD Supra. The second provision above is certain to raise a lot of concerns and opposition. The language of […]
Insurance Business Magazine reports: Digital medicines platform MediMap is seeking urgent court orders in New Zealand after an individual claiming to be behind a cyber incident circulated what appears to be patient information to news organisations – an incident that is drawing attention to cyber risk, privacy exposure, and the role of cyber insurance across […]
Bank InfoSecurity has an update on the Norton Healthcare breach in 2023: Norton Healthcare, which operates nine hospitals and 480 other care facilities in Kentucky and Indiana, has agreed to pay $11 million to settle class action litigation triggered by a 2023 data theft attack by ransomware-as-a-service gang Alphv/BlackCat that affected nearly 2.5 million people. […]
