Litigation and legal developments concerning data breaches.
Bank InfoSecurity has an update on the Norton Healthcare breach in 2023: Norton Healthcare, which operates nine hospitals and 480 other care facilities in Kentucky and Indiana, has agreed to pay $11 million to settle class action litigation triggered by a 2023 data theft attack by ransomware-as-a-service gang Alphv/BlackCat that affected nearly 2.5 million people. […]
The Record reports: A 47-year-old man was arrested in Poland for his alleged involvement with the Phobos ransomware operation. … Phobos was a ransomware gang that attacked more than 1,000 organizations worldwide, targeting hospitals, schools, government agencies and more. U.S. prosecutors previously said operators of Phobos and a related strain called 8Base collected upwards of […]
Bleeping Computer reports: South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. All three brands are part of the Louis Vuitton Moët Hennessy (LVMH) group […]
A press release from the Texas State Attorney General: Attorney General Ken Paxton issued Civil Investigative Demands (“CIDs”) to Blue Cross Blue Shield of Texas (“BCBS”) and Conduent Business Services LLC (“Conduent”), demanding documents and information pertinent to the investigation of the Conduent data breach that exposed the sensitive personal data of approximately four million […]
TechCrunch reports: Coupang’s massive data breach in South Korea has now become a geopolitical flashpoint as a growing number of the company’s U.S. investors take legal action against the South Korean government. What began as a regulatory investigation into data security failures has expanded into a broader dispute over alleged unfair treatment of the U.S.-headquartered company. While […]
Top Class Actions reports: Read more at Top Class Actions. The official settlement website has not been posted yet. All consumers should be alert to the possibility that you may receive scam or phishing attempts claiming you are entitled to a settlement. Wait for the official settlement site to learn how class members are being […]
The Record reports a federal mandate that is likely to give a lot of agencies major headaches in compliance: Federal civilian agencies have been ordered to remove end-of-life devices within 12 months due to widespread exploitation campaigns by sophisticated hackers. The U.S. cyber defense agency issued an operational directive on February 5 mandating federal agencies to “remove […]
The Hill reports: Members of Elon Musk’s Department of Government Efficiency (DOGE) improperly shared Social Security data through a third-party server, according to a recent court filing from the Justice Department. The DOGE team embedded at the Social Security Administration (SSA) used Cloudflare, which was not approved for storing agency data, to share data during a 10-day period in March, the […]
Top Class Actions reports: American Addiction Centers Inc. agreed to a $2.75 million class action lawsuit settlement to resolve claims it failed to adequately protect patients’ private information. The settlement benefits individuals whose personal information was potentially compromised in a data breach involving American Addiction Centers on or about Sept. 26, 2024, and who were […]
Over 160,000 Companies Notify Regulators of GDPR Breaches
Infosecurity Magazine reports: The number of organizations notifying their GDPR regulator of a data breach surged by 22% to a daily average of 443 in 2025, according to DLA Piper. The global law firm has been analyzing GDPR regulatory activity every year since the data protection regulation came into being in 2018. The past 12 months […]