Litigation and legal developments concerning data breaches.
HIPAA Journal reports: A $35,000,000 settlement has been agreed to resolve a long-running class action lawsuit against Labcorp over a 2018 cybersecurity incident at American Medical Collection Agency. Laboratory Corporation of America Holdings (Labcorp), a provider of diagnostic testing services, had contracted with a company called Retrieval-Masters Creditor’s Bureau, Inc., which does business as American Medical […]
The Record reports that the court administrator approved a $47 million settlement fund, even though plaintiffs had sought $47 billion: A Missouri bankruptcy court administrator on Wednesday signed off on a deal that gives millions of victims of a 2023 data breach at 23andMe a cut of a $46.8 million settlement fund. About 7 million […]
WBRZ reports: he St. George Fire Protection District is suing Baton Rouge cybersecurity company General Informatics, blaming them for allowing hackers to gain access to the fire department’s network in 2023. The lawsuit, filed by the fire department on May 23, claims that General Informatics was hired to prevent cyberattacks and now seeks damages from […]
Two proposed state laws could impact incident response and costs: New Jersey Assembly Bill 1852 and New York Senate Bill 3078. As the National Law Review reports: New Jersey’s proposed bill narrows permissible notice methods to written notice or electronic notice. It removes the existing substitute-notice pathway that many companies rely on when notice costs are […]
KRCR reports: California Attorney General Rob Bonta announced a lawsuit Thursday against genetic testing company 23andMe, now known as Chrome Holding Company, accusing the company of failing to protect millions of users’ sensitive genetic information during a massive 2023 data breach. According to the lawsuit, the breach exposed the personal information of nearly 7 million users […]
Martin A. Steinberg, J.D. discusses a case in the Northern District of Illinois: The provider must face negligence and implied-contract claims after patients alleged a vendor breach exposed sensitive health and personal data. Two patients brought a putative class action against HAH Group Holding, LLC d/b/a Help at Home, after a March 2024 vendor data […]
Consumer Affairs reports: Krispy Kreme customers affected by a 2024 data breach may now be eligible for compensation under a proposed class-action settlement. The doughnut chain has agreed to a $1.6 million settlement to resolve claims stemming from a cybersecurity incident disclosed in November 2024. The breach allegedly exposed personal information, including names, dates of […]
The Record reports: Two men are facing years in prison for providing services to a tech-support fraud scheme in India that stole millions of dollars from American citizens. Adam Young, 42, and Harrison Gevirtz, 33, pleaded guilty to misprision of a felony after they were accused of offering phone numbers, call routing services, call tracking […]
From Dutch police news: On May 19 and 20, the criminal VPN service First VPN was taken offline in an international operation. This was carried out by the High Tech Crime Team of the National Investigation Unit, under the authority of the National Public Prosecutor’s Office, in cooperation with the French authorities. Before the service […]
A client alert from Womble Bond Dickinson (US) discusses what it describes as a first-of-its-kind ruling: a California court did not dismiss claims against Bain Capital over the PowerSchool data breach, even though many of the claims occurred before Bain’s acquisition of PowerSchool was completed. On March 18, 2026, the court granted in part and […]
