Litigation and legal developments concerning data breaches.
The Record reports a federal mandate that is likely to give a lot of agencies major headaches in compliance: Federal civilian agencies have been ordered to remove end-of-life devices within 12 months due to widespread exploitation campaigns by sophisticated hackers. The U.S. cyber defense agency issued an operational directive on February 5 mandating federal agencies to “remove […]
The Hill reports: Members of Elon Musk’s Department of Government Efficiency (DOGE) improperly shared Social Security data through a third-party server, according to a recent court filing from the Justice Department. The DOGE team embedded at the Social Security Administration (SSA) used Cloudflare, which was not approved for storing agency data, to share data during a 10-day period in March, the […]
Top Class Actions reports: American Addiction Centers Inc. agreed to a $2.75 million class action lawsuit settlement to resolve claims it failed to adequately protect patients’ private information. The settlement benefits individuals whose personal information was potentially compromised in a data breach involving American Addiction Centers on or about Sept. 26, 2024, and who were […]
Preetha Suresh Rini of Robinson Bradshaw explains: In recent years, defendants in data breach class action lawsuits filed in the state courts in North Carolina have succeeded in designating these disputes to the North Carolina Business Court. The Business Court has accepted data breach cases involving ransomware attacks, phishing email incidents and tracking technology cases. […]
KnowTechie reports: Two former cybersecurity professionals have admitted they were secretly running ransomware attacks on the side. According to an announcement this week from the US Department of Justice, Ryan Goldberg, 40, and Kevin Martin, 36, pleaded guilty to orchestrating a string of ransomware attacks in 2023 that netted them about $1.2 million in Bitcoin. Here’s the […]
The Record reports: France’s data protection regulator has fined the software company Nexpublica France €1.7 million ($2 million) for poor cybersecurity practices in the wake of a data breach. In November 2022, users of a Nexpublica portal reported they could access documents about third parties. France’s data regulator, known as CNIL, investigated the incident and […]
By Hunton Andrews Kurth’s Privacy and Cybersecurity Blog: On December 16, 2025, the Federal Trade Commission (“FTC”) announced an enforcement action against Illusory Systems Inc., a Utah-based company doing business as Nomad, following a major data breach in which hackers stole $186 million from consumers. The FTC alleges that Illusory Systems failed to implement adequate data security […]
The Record reports: French authorities arrested a 22-year-old on Wednesday as part of an investigation into a hack of the country’s Interior Ministry that saw the perpetrators access several email accounts and dozens of confidential documents. The ministry confirmed what was described as a serious incident after a user claimed credit for a hack on […]
VitalLaw reports: The Department of Defense would have to add new cybersecurity requirements to its contracts for telecom services when those services are used for “sensitive national security functions” under legislation released yesterday by the House Armed Services Committee. The committee released a compromise version of the National Defense Authorization Act (NDAA) for Fiscal Year […]
Over 160,000 Companies Notify Regulators of GDPR Breaches
Infosecurity Magazine reports: The number of organizations notifying their GDPR regulator of a data breach surged by 22% to a daily average of 443 in 2025, according to DLA Piper. The global law firm has been analyzing GDPR regulatory activity every year since the data protection regulation came into being in 2018. The past 12 months […]