Litigation and legal developments concerning data breaches.
The Record reports: Australia became on Friday the first country in the world to require victims of ransomware attacks to declare to the government any extortion payments made on their behalf to cybercriminals. The law, initially proposed last year, only applies to organizations with an annual turnover greater than AUS $3 million ($1.93 million) alongside a smaller […]
The Register reports: A Seattle cancer facility has agreed to fork out around $52.5 million as part of a class action settlement linked to a Thanksgiving 2023 cyberattack where criminals directly threatened cancer patients with swat attacks. The Fred Hutchinson Cancer Center (Fred Hutch) disclosed its November 2023 attack a month later, after it confirmed […]
PYMNTS reports: American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.” Joining the ABA were the Securities Industry […]
The Netherlands added a new criminal provision to its criminal code. The provision went into effect on May 15. As seen on the government’s website: More forms of espionage, such as digital and diaspora espionage, are to be a criminal offence from 15 May onwards. To achieve this a new criminal provision is being added […]
The Southern Maryland Chronicle reports: The Federal Trade Commission finalized a settlement with GoDaddy on May 23, 2025, addressing allegations that the web hosting provider misled consumers about its data security practices, leading to multiple data breaches. The order, approved unanimously by a 3-0 vote, mandates significant security upgrades and prohibits GoDaddy from making false […]
Baker Donelson writes: Read more at JDSupra. \
The Guardian reports that a significant cyberattack affecting the Legal Aid Agency in the UK affects both legal aid applicants and legal aid providers: The personal data of hundreds of thousands of legal aid applicants in England and Wales dating back to 2010, including criminal records and financial details, has been accessed and downloaded in a “significant” […]
Brian Krebs reports: In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. “Pompompurin,” is slated for resentencing next month […]
The Record reports that Japan has enacted a new law that permits the country’s authorities to preemptively engage with adversaries through offensive cyber operations to prevent significant damage to the country: The new Active Cyberdefense Law mirrors recent reinterpretations of Article 9, providing Japan’s Self-Defence Forces with the right to provide material support to allies […]
As seen at Corporate Compliance Insights: Organizations handling New Yorkers’ data now face one of the country’s shortest breach notification deadlines. Morrison Foerster attorneys Melissa Crespo and Reiley Porter break down the state’s recent amendments that impose a 30-day notification requirement and expand protected information categories to include medical and health insurance data. Recent amendments […]
