Litigation and legal developments concerning data breaches.
Martin A. Steinberg, J.D. discusses a case in the Northern District of Illinois: The provider must face negligence and implied-contract claims after patients alleged a vendor breach exposed sensitive health and personal data. Two patients brought a putative class action against HAH Group Holding, LLC d/b/a Help at Home, after a March 2024 vendor data […]
Consumer Affairs reports: Krispy Kreme customers affected by a 2024 data breach may now be eligible for compensation under a proposed class-action settlement. The doughnut chain has agreed to a $1.6 million settlement to resolve claims stemming from a cybersecurity incident disclosed in November 2024. The breach allegedly exposed personal information, including names, dates of […]
The Record reports: Two men are facing years in prison for providing services to a tech-support fraud scheme in India that stole millions of dollars from American citizens. Adam Young, 42, and Harrison Gevirtz, 33, pleaded guilty to misprision of a felony after they were accused of offering phone numbers, call routing services, call tracking […]
From Dutch police news: On May 19 and 20, the criminal VPN service First VPN was taken offline in an international operation. This was carried out by the High Tech Crime Team of the National Investigation Unit, under the authority of the National Public Prosecutor’s Office, in cooperation with the French authorities. Before the service […]
A client alert from Womble Bond Dickinson (US) discusses what it describes as a first-of-its-kind ruling: a California court did not dismiss claims against Bain Capital over the PowerSchool data breach, even though many of the claims occurred before Bain’s acquisition of PowerSchool was completed. On March 18, 2026, the court granted in part and […]
This client alert is based on a longer article Patrick Emerson McCormick wrote for the Conference on Consumer Finance Law Quarterly Report. Attorney-client privilege protects confidential communications made for the purpose of seeking or providing legal advice. The Supreme Court rejected a rigid control-group test and held that employee questionnaires and interview notes directed by corporate counsel were […]
The Record reports: A Chinese national accused of being a member of a state-backed hacking group has been extradited to the U.S. from Milan, his lawyer confirmed on Monday. Xu Zewei was arrested in July 2025 by Italian authorities after he was accused by the U.S. of involvement with a Chinese hacking group allegedly responsible for breaking […]
The law firm of Squire Patton Boggs writes: Connecticut Attorney General William Tong recently issued an advisory memorandum (“Advisory”) to all “State Officials, Agencies and Concerned Parties” about how existing Connecticut laws apply to artificial intelligence (“AI”). In the Advisory, Attorney General Tong hints at enforcement priorities and offers businesses a roadmap for compliance in describing how […]
Comply or risk class-action litigation? IAPP explains: Last year, the California Privacy Protection Agency adopted a major new rule requiring certain businesses to conduct an annual cybersecurity audit. The rule went into effect 1 Jan. 2026. This pioneering requirement, the first of its kind among state data privacy laws of general applicability, may entail substantial compliance efforts […]
The Daily Hodl reports: A bank in the US is settling with customers affected by a cybersecurity breach that exposed sensitive personal information. According to new class action documents, Cadence Bank – a regional bank headquartered in the South – has agreed to a $5.25 million settlement over a data breach tied to vulnerabilities in the […]
