Litigation and legal developments concerning data breaches.
The Register reports that coming soon, entities in China will have only one hour from discovery to report a serious cyber incident — or even only 30 minutes if it is very serious: From November 1, the Cyberspace Administration of China (CAC) will enforce its new National Cybersecurity Incident Reporting Management Measures, a sweeping set of […]
CryptoPotato reports: A report by the Financial Times revealed that the Securities and Exchange Commission (SEC) plans to issue crypto firms notices of technical violations before taking action. The move is a shift away from the aggressive enforcement approach that was pursued under former President Joe Biden. Trump-appointed SEC Chair Paul Atkins told the Financial Times in […]
Risky Biz News reports that the battle between the US and Portugal over which country gets to prosecute the owner of the RaidForums hacking forum and marketplace continues. Diogo Santos Coelho, known online as Omnipotent, is a Portuguese national who was arrested in the UK in January 2022 when he flew there to visit his […]
From the U.S. Department of Defense, now called the Department of War: On September 9, the Department of War (DoW) released the final Defense Federal Acquisition Regulation Supplement (DFARS) rule implementing the Cybersecurity Maturity Model Certification (CMMC) Program as described at 32 CFR 170.3 for public inspection in the Federal Register. The final rule will […]
From Bloomberg Law: Companies are facing the risk that they will be left alone to fend off cyber attacks. Even as authorities warn of relentless cyber threats, a key tool companies use to safely share information with other businesses and the government is set to expire. Meanwhile, the Cybersecurity and Infrastructure Security Agency, the federal body […]
From Texas Attorney General Ken Paxton: Attorney General Ken Paxton filed suit against PowerSchool, a California-based provider of cloud-based services for K-12 schools, after an unprecedented data breach exposed the sensitive personal identifying information and protected health information of more than 880,000 Texas school-aged children and teachers. PowerSchool’s software collects, processes, and secures sensitive information […]
Healthcare providers wrestling with the legal fallout of cyber-attacks just received a fresh reminder from the District of Arizona: traditional tort and contract theories remain difficult to sustain after a breach, but consumer-fraud statutes can keep a case alive. In Johnson v. Yuma Regional Medical Center, fourteen patients sued the hospital after a ransomware incident exposed […]
“U.S. lawyers filed 1,488 class-action lawsuits related to data breaches in 2024, up from 1,320 in 2023 and just 604 in 2022.” The Wall Street Journal reports: A growing number of personal injury lawyers are adding data-breach lawsuits to caseloads, alongside traffic accidents, medical malpractice and dog bites. The upswing is being fueled by a […]
Becker’s Health IT reports that UnitedHealth Group’s allegedly aggressive approach to securing repayment of loans made to providers following their massive data breach now has two senators demanding some answers: Two U.S. senators are pressing UnitedHealth Group for answers on what they deemed “predatory” tactics from the company in seeking loan repayments from healthcare providers […]
USA Herald reports: Tech conglomerate Fortive Corp. has agreed to a $3 million settlement to resolve a sweeping class action after two ransomware attacks in 2023 exposed the personal data of more than 34,000 individuals, according to a Washington federal judge’s preliminary approval. U.S. District Judge Richard A. Jones, presiding in Seattle, signed off Thursday on the […]
