Legal News - The Data Breach Times

January 15, 2025

1128 views 2 mins 0

Attorney General Ken Paxton Sues Allstate and Arity for Unlawfully Collecting, Using, and Selling Over 45 Million Americans’ Driving Data to Insurance Companies

A January 13, 2025 press release from Texas Attorney General Ken Paxton: Texas Attorney General Ken Paxton sued Allstate and its subsidiary, Arity (“Allstate”), for unlawfully collecting, using, and selling data about the location and movement of Texans’ cell phones through secretly embedded software in mobile apps, such as Life360. Allstate and other insurers then […]

Legal News, Data Breach News, Malware Ransomware

January 15, 2025

1007 views 3 mins 0

UK government plans to prohibit government and public sector entities from paying ransomware demands

Governments have routinely urged ransomware victims not to pay ransom demands, as it only encourages them to attack even more victims. Now the UK government may prohibit government and public sector entities from paying. LBC reports: Security minister Dan Jarvis told LBC: “We want these cyber criminals who operate from Russia and elsewhere to look […]

Data Breach News, Legal News, News

January 14, 2025

1739 views 44 secs 0

Robinhood to Pay $45 Million SEC Settlement Over Data Breach, Other Violations

WSJ reports: Two brokerage units of Robinhood Markets agreed to pay $45 million to settle an investigation by the Securities and Exchange Commission into a range of alleged violations, including one stemming from a 2021 data breach that exposed millions of customer names and emails. The settlement is the latest in a string of big […]

Legal News, Data Breach News

January 10, 2025

1025 views 2 mins 0

PowerSchool Sued Over December Breach of Student, Teacher Data

24 hours. That’s the gap between PowerSchool’s disclosure of a hacking incident affecting teacher and student data and the filing of the first potential class-action lawsuit. Bloomberg Law reports on three potential class-action lawsuits that were filed on January 8th and 9th against the provider of cloud-based education software for K-12 schools: The complaints bring […]

Legal News

January 04, 2025

979 views 2 mins 0

Tick Tock: You now have less than 30 days from discovery of a breach to notify New Yorkers

New York’s Governor Hochul signed two bills into law in December that modify New York’s breach notification law. One that has already gone into effect replaces the “in the most expedient time” type of language with an actual deadline of 30 days from discovery of a breach but retains an exception for the legitimate needs […]

Legal News, News

December 29, 2024

930 views 5 mins 0

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

The Department’s Office for Civil Rights seeks to update HIPAA Security Rule for the first time since 2013 Source: U.S. Department of Health and Human Services, December 27, 2024

Legal News

December 18, 2024

516 views 12 secs 0

CISA orders federal agencies to secure Microsoft cloud systems after ‘recent’ intrusions

For a while, it was just a recommendation. Now it’s mandatory. Federal civilian agencies were ordered to secure their Microsoft cloud systems after several recent cyber incidents. The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by […]

Legal News, Healthcare, Insurance News, News

December 18, 2024

1508 views 6 mins 0

Nebraska AG files lawsuit against Change Healthcare

It is the first lawsuit filed by a state attorney general against Change Healthcare over the February breach that affected 100,000 Americans. From the state’s December 16 press release: Download the court filing.

Legal News, News

December 17, 2024

1132 views 6 mins 0

Irish Data Protection Commission fines Meta €251 Million

A press release from the DPC explains the penalty:

Legal News, Cyberattack, News

December 17, 2024

1182 views 3 mins 0

SEC Charges Flagstar for Misleading Investors About Cyber Breach

ADMINISTRATIVE PROCEEDINGFile No. 3-22360 December 16, 2024 – The Securities and Exchange Commission today filed settled charges against Flagstar Bancorp, Inc. (now known as “Flagstar Financial, Inc.”), for making materially misleading statements regarding a cybersecurity attack on Flagstar’s network in late 2021 (the “Citrix Breach”). The SEC’s order finds that Flagstar negligently made materially misleading statements […]