Litigation and legal developments concerning data breaches.
Yale News reports a settlement stemming from a March, 2025 data breach that the Yale New Haven Health System reported to HHS as impacting 5,556,702 individuals: The Yale New Haven Health System has agreed to finance an $18 million settlement fund in response to a class action lawsuit about a data breach that allowed an unauthorized third […]
Insurance Business Magazine reports: A Texas woman has sued Goosehead Insurance Agency over a data breach that exposed sensitive customer information, alleging the company waited seven months to sound the alarm. Jayda Slaughter filed the proposed class action in federal court on October 24, claiming the national insurance agency’s network was infiltrated in early March […]
GGR Asia reports: The operator of the casino resort Marina Bay Sands in Singapore has been fined SGD315,000 (US$243,200) in relation to a data breach that took place in 2023 and involved the personal data of more than 665,000 clients. Singapore’s Personal Data Protection Commission (PDPC) said in an announcement on Tuesday that it had “imposed a […]
TechTarget reports: Integris Health settled a class action data breach lawsuit to resolve claims alleging that it failed to protect the sensitive data of its patients. The data breach in question occurred in November 2023, impacting nearly 2.4 million individuals, including 224,000 minors. The Oklahoma-based health system, which operates 16 hospitals and other healthcare facilities throughout the […]
Given how many breaches are at third-party service providers this year, guidance on dealing with vendors with an eye towards cybersecurity seems timely. October 21, 2025 New York State Department of Financial Services (DFS) Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities becoming increasingly reliant on third-party service […]
The Record reports: Capita, the United Kingdom’s largest outsourcing company, was on Wednesday fined £14 million ($18.7 million) over security failings that saw attackers compromise the personal information of 6.6 million people in a ransomware attack in 2023. The voluntary settlement is for less than a third of the £45 million ($60 million) Britain’s data […]
From Polsinelli PC: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks. Though neither case involved a finding of fault, both spotlight a growing trend: plaintiffs and regulators are treating basic cybersecurity […]
From the New York Attorney General’s Office:
Top Class Actions reports: A new class action lawsuit alleges The PNC Financial Services Group failed to properly secure and safeguard personally identifiable information of its customers during a data breach earlier this year. Plaintiff Madonna Blunt claims PNC disclosed earlier this month that sensitive customer information was mistakenly provided to another client without authorization […]
John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt
Kim Zetter writes: The investigation into former national security advisor John Bolton’s handling of classified material stemmed in part from an admission Bolton made to the FBI in July 2021 that hackers – believed to be from Iran – had breached his private AOL email account and tried to extort him over classified information contained […]