Litigation and legal developments concerning data breaches.
On March 14, 2024, the Court of Justice of the EU (“CJEU”) ruled that EU supervisory authorities have the (corrective) power to order data controllers who have been found to process personal data unlawfully to erase such personal data, even if the data subjects have not requested the erasure. (Case C‑46/23) The CJEU ruled that […]
Law enforcement has been providing new information each day about the disruption to LockBit’s operations. In today’s news, there’s a reward offered for information on the perpetrators and affiliates. The reward offer was published by the U.S. Department of State: The Department of State is announcing reward offers totaling up to $15 million for information […]
Tech Times reports: A study by researchers from the University of Minnesota and George Mason University has reportedly claimed that US cybersecurity laws on breach notifications have little to no effect on curbing data breach incidents in the country. The legislation that requires businesses to tell customers if their data has been compromised, known as breach notification laws (BNLs), enacted by governments of […]
The biggest cybercrime news of the week may be the takedown of LockBit3.0, but U.S. law enforcement also made news last week by announcing rewards for information leading to the identification or location of leaders of AlphV (BlackCat) or those who participate in it. Here is the press release from the U.S. Department of State: […]
The Record reports 118 class action lawsuits have been filed against data brokers who allegedly failed to respond to requests from New Jersey law enforcement personnel who requested their personal information be removed from the internet. Daniel’s Law, named for Daniel Anderl, the son of Judge Esther Salas and Mark Anderl, who was murdered by […]
In honor of Privacy Day, Steven A. Augustino and Jack Pringle of Nelson Mullins have highlighted new security breach rules promulgated by the Federal Communications Commission (FCC). Their article begins by pointing out something also noted in the healthcare sector, where increasing concurrent jurisdiction increases the number of federal and state regulations entities must comply […]
FTC says company’s poor security allowed hacker to steal sensitive data of millions of consumers, go undetected for months South Carolina-based Blackbaud Inc. will be required to delete personal data that it doesn’t need to retain as part of a settlement with the Federal Trade Commission over charges that the company’s lax security allowed a […]
The Guardian reports: A former Central Intelligence Agency (CIA) software engineer who was convicted for carrying out the largest theft of classified information in the agency’s history and of charges related to child abuse imagery was sentenced to 40 years in prison on Thursday. The 40-year sentence by US district judge Jesse Furman was for […]
While advocates for more transparency and timely disclosures in response to data breaches were generally pleased with the new disclosure rule by the SEC that went into effect on December 18, not everyone was pleased. In November 2023, Senator Thomas Tillis [R-NC] introduced bill S.J.Res.50 – A joint resolution providing for congressional disapproval under chapter […]
Do you know what your cyber policy covers? (Southwest Airlines v. Liberty Insurance Underwriters)
An article by attorneys at Barnes & Thornburg LLP discusses a court case that serves as a useful reminder of how provisions of cyber policies may be interpreted when it comes to coverage of cyber-related incidents — even when those incidents are not data breaches. In 2016, Southwest Airlines suffered a computer system failure that […]