Litigation and legal developments concerning data breaches.
The Record reports: Capita, the United Kingdom’s largest outsourcing company, was on Wednesday fined £14 million ($18.7 million) over security failings that saw attackers compromise the personal information of 6.6 million people in a ransomware attack in 2023. The voluntary settlement is for less than a third of the £45 million ($60 million) Britain’s data […]
From Polsinelli PC: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks. Though neither case involved a finding of fault, both spotlight a growing trend: plaintiffs and regulators are treating basic cybersecurity […]
From the New York Attorney General’s Office:
Top Class Actions reports: A new class action lawsuit alleges The PNC Financial Services Group failed to properly secure and safeguard personally identifiable information of its customers during a data breach earlier this year. Plaintiff Madonna Blunt claims PNC disclosed earlier this month that sensitive customer information was mistakenly provided to another client without authorization […]
Hunton Andrews Kurth writes: When a cyber incident occurs and the insurer pays out the claim, they often face the frustrating reality that pursuing the actual criminals – the threat actors – for indemnification is virtually impossible. Thus, insurers are now turning to subrogation claims against the very cybersecurity vendors entrusted by policyholders to protect […]
From Covington and Burling’s Inside Privacy blog: The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”), which provided protections for sharing cybersecurity threat information with the federal government and others, officially sunset on September 30, 2025 pursuant to the law’s original sunset date after efforts to re-authorize it did not succeed. The law created a cybersecurity information […]
The Wall Street Journal reports: A deluge of data-breach lawsuits has a growing number of U.S. judges insisting victims show exactly how their leaked personal data caused “tangible harm,” a high bar that is getting more cases tossed out of court. Judges are also requiring plaintiffs to trace any damages back to a particular breach—a […]
Alamdar Hamdani of Bracewell LLP writes: Transcript: Fifteen years ago, I was part of a DOJ team working to bring Al Qaeda terrorists to justice. Today, as a former US Attorney now in private practice, I’m helping Houston companies fight a different kind of enemy—one that targets our critical infrastructure from behind keyboards across the […]
From the U.S. Department of Justice, September 16, 2025: Fitzpatrick will be serving his prison sentence at FCI Danbury.
John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt
Kim Zetter writes: The investigation into former national security advisor John Bolton’s handling of classified material stemmed in part from an admission Bolton made to the FBI in July 2021 that hackers – believed to be from Iran – had breached his private AOL email account and tried to extort him over classified information contained […]