Attorney General James Secures $14.2 Million from Car Insurance Companies Over Data Breaches
From the New York Attorney General’s Office:
PNC Bank faces class action lawsuit over data breach exposing 740,000 records
Top Class Actions reports: A new class action lawsuit alleges The PNC Financial Services Group failed to properly secure and safeguard personally identifiable information of its customers during a data breach earlier this year. Plaintiff Madonna Blunt claims PNC disclosed earlier this month that sensitive customer information was mistakenly provided to another client without authorization […]
Policyholder Plot Twist: Cyber Insurer Sues Policyholder’s Cyber Pros
Hunton Andrews Kurth writes: When a cyber incident occurs and the insurer pays out the claim, they often face the frustrating reality that pursuing the actual criminals – the threat actors – for indemnification is virtually impossible. Thus, insurers are now turning to subrogation claims against the very cybersecurity vendors entrusted by policyholders to protect […]
Cybersecurity Information Sharing Act of 2015 Allowed to Sunset
From Covington and Burling’s Inside Privacy blog: The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”), which provided protections for sharing cybersecurity threat information with the federal government and others, officially sunset on September 30, 2025 pursuant to the law’s original sunset date after efforts to re-authorize it did not succeed. The law created a cybersecurity information […]
‘No Harm, No Foul:’ Courts Take Tougher Line on Data-Breach Suits
The Wall Street Journal reports: A deluge of data-breach lawsuits has a growing number of U.S. judges insisting victims show exactly how their leaked personal data caused “tangible harm,” a high bar that is getting more cases tossed out of court. Judges are also requiring plaintiffs to trace any damages back to a particular breach—a […]
Houston at Ground Zero: Defending America’s Critical Infrastructure From Cyber Threats
Alamdar Hamdani of Bracewell LLP writes: Transcript: Fifteen years ago, I was part of a DOJ team working to bring Al Qaeda terrorists to justice. Today, as a former US Attorney now in private practice, I’m helping Houston companies fight a different kind of enemy—one that targets our critical infrastructure from behind keyboards across the […]
Founder of One of World’s Largest Hacker Forums Resentenced to Three Years in Prison
From the U.S. Department of Justice, September 16, 2025: Fitzpatrick will be serving his prison sentence at FCI Danbury.
China slaps 1-hour deadline on reporting serious cyber incidents
The Register reports that coming soon, entities in China will have only one hour from discovery to report a serious cyber incident — or even only 30 minutes if it is very serious: From November 1, the Cyberspace Administration of China (CAC) will enforce its new National Cybersecurity Incident Reporting Management Measures, a sweeping set of […]
SEC to Notify Crypto Businesses of Technical Violations Before Taking Action: Report
CryptoPotato reports: A report by the Financial Times revealed that the Securities and Exchange Commission (SEC) plans to issue crypto firms notices of technical violations before taking action. The move is a shift away from the aggressive enforcement approach that was pursued under former President Joe Biden. Trump-appointed SEC Chair Paul Atkins told the Financial Times in […]
Extradition Battle Over RaidForums’ Owner Continues
Risky Biz News reports that the battle between the US and Portugal over which country gets to prosecute the owner of the RaidForums hacking forum and marketplace continues. Diogo Santos Coelho, known online as Omnipotent, is a Portuguese national who was arrested in the UK in January 2022 when he flew there to visit his […]