Litigation and legal developments concerning data breaches.
The Privacy Commissioner of Canada recently announced an online tool to help businesses and federal institutions that experience a privacy breach to assess whether the breach is likely to create a real risk of significant harm to individuals:
Top Class Actions reports: Rite Aid agreed to a $6.8 million class action lawsuit settlement to resolve claims it failed to prevent a 2024 data breach that compromised customer information. The settlement benefits consumers whose personal information was compromised in the Rite Aid data breach on June 6, 2024. According to the lawsuit, Rite Aid […]
The Record reports: Advanced, a business that provides IT services to numerous healthcare providers in the United Kingdom, has been fined £3.1 million (about $4 million) by the country’s privacy regulator over a ransomware attack in 2022. The company had initially faced a fine of £6 million before coming to a voluntary settlement with the Information Commissioner’s […]
Federal contractors who claim that they comply with federal cybersecurity standards better do so, or they may be charged under the False Claims Act, as we saw with the Health Net Federal Services settlement last month and now with Morsecorp. The Department of Justice announced today: Source: U.S. Department of Justice
The Register reports: Beleaguered DNA testing biz 23andMe – hit by a massive cyber attack in 2023 – is filing for bankruptcy protection in the US following years of financial uncertainty. It said that Chapter 11 proceedings were initiated in the US Bankruptcy Court for the Eastern District of Missouri on Sunday, and the court will oversee […]
Top Class Actions reports: National Student Clearinghouse agreed to a $9.95 million class action lawsuit settlement to resolve claims that it failed to protect consumers from a 2023 MOVEit data breach. The National Student Clearinghouse settlement benefits individuals whose Social Security numbers were included in the files affected by the MOVEit data breach between May […]
Data Breach Today reports that Australia’s financial regulator has filed a lawsuit against FIIG Securities over cybersecurity failures that enabled a threat actor to steal confidential personal information of 18,000 customers: The Australian Securities and Investments Commission said it decided to sue Brisbane-headquartered FIIG Securities in Federal Court after observing the company’s “systemic and prolonged cybersecurity failures” […]
Fisher & Phillips LLP writes: With eight states rolling out new privacy laws in 2025 and many more already on the books, businesses have never faced a more fragmented regulatory landscape. These laws will expand consumer rights, impose stricter data governance obligations, and create a complex compliance environment for businesses operating across state lines. While […]
From the law firm of BakerHostetler: In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of dark web exposure, misuse or fraud. However, a few courts have recently dismissed proposed […]
Tycko & Zavareei Whistleblower Practice Group writes: February 2025 saw an important False Claims Act settlement involving allegations of known cybersecurity failures by Health Net Federal Services Inc. (HNFS), a government contractor that provides TRICARE healthcare management services to active duty military members and their families. HNFS as well as its parent corporation Centene agreed […]
