Litigation and legal developments concerning data breaches.
By Hunton Andrews Kurth’s Privacy and Cybersecurity Blog: On December 16, 2025, the Federal Trade Commission (“FTC”) announced an enforcement action against Illusory Systems Inc., a Utah-based company doing business as Nomad, following a major data breach in which hackers stole $186 million from consumers. The FTC alleges that Illusory Systems failed to implement adequate data security […]
The Record reports: French authorities arrested a 22-year-old on Wednesday as part of an investigation into a hack of the country’s Interior Ministry that saw the perpetrators access several email accounts and dozens of confidential documents. The ministry confirmed what was described as a serious incident after a user claimed credit for a hack on […]
VitalLaw reports: The Department of Defense would have to add new cybersecurity requirements to its contracts for telecom services when those services are used for “sensitive national security functions” under legislation released yesterday by the House Armed Services Committee. The committee released a compromise version of the National Defense Authorization Act (NDAA) for Fiscal Year […]
The United States Attorney’s Office for Eastern District of Louisiana issued a press release about the sentencing of a Romanian national who was arrested one week after installing skimming devices at three locations in Louisiana: Acting U.S. Attorney Michael M. Simpson announced that ANDREI FAGARAS (“FAGARAS”), age 35, a Romanian national, was sentenced on December 2, 2025 […]
There have been many articles written about the threat of artificial intelligence (AI) being used to program or assist cybercrime, but very little evidence of it actually happening. Here is a case where it has reportedly happened. Kyodo News reports: A 17-year-old boy was served an arrest warrant on Thursday on suspicion of breaching the […]
Good news for “white hat” researchers. Bleeping Computer reports: Read more at Bleeping Computer.
Data Breach Today reports: The U.K. government is considering amending its three-decade-old hacking law to include a “statutory defense” cover for security researchers, Security Minister Dan Jarvis said. The announcement comes amid concerns that the law penalizes white hat hackers for essential security practices such as participating in bug bounties. Speaking at a Financial Times […]
Reuters reports: Comcast will pay a $1.5 million fine after a vendor breach exposed personal data from 237,000 current and former customers, the Federal Communications Commission said on Monday. The FCC said a debt collector used by Comcast until 2022, Financial Business and Consumer Solutions, suffered a 2024 data breach that exposed personal information of Comcast […]
Covington and Burling writes: On November 20, 2025, the Securities and Exchange Commission (“SEC”) announced that it was voluntarily dismissing the case it brought against SolarWinds Corp. (“SolarWinds”) and its information security officer, Timothy Brown, regarding the company’s security practices and related statements in connection with the “Sunburst” cybersecurity incident. The SEC stated in a […]
TORONTO, ON (November 18, 2025) — Ontario and Alberta information and privacy commissioners have released the findings of their investigations into a massive privacy breach involving PowerSchool education technology (edtech) used by schools in their respective provinces. The incident, which affected millions of Canadians across the country, highlights the importance for educational bodies, including school boards, […]
