News & Analysis as of June 22, 2025

Cybersecurity › Data Breach › Personal Information

+ Follow

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now. less -

Don’t Get Caught in Scattered Spider’s Web

McCarter & English, LLP on 6/19/2025

The cybercrime group known as Scattered Spider is at it again, according to Google’s Threat Intelligence Group. This criminal group is known to focus its cyber attacks on one sector at a time. Last spring, it was the retail...more

Adidas and UChicago Sued Over Data Breaches Caused by Third-Party Vendors

Robinson+Cole Data Privacy + Security Insider on 6/5/2025

What do a global sportswear giant and a prestigious medical center have in common? Apparently, a shared struggle defending data breach lawsuits for breaches of sensitive personal information caused by third-party vendors....more

Oklahoma Expands its Security Breach Notification Law

Jackson Lewis P.C. on 6/5/2025

The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The...more

Data Breach Lawsuits Surge Against Chord Specialty Dental Partners

Robinson+Cole Data Privacy + Security Insider on 5/23/2025

Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been...more

OIG makes seven recommendations for CFPB following major incident

Orrick, Herrington & Sutcliffe LLP on 5/19/2025

On May 5, the OIG for the Fed authored a report with several recommendations for the CFPB following a major security incident regarding confidential supervisory information (CSI). The OIG issued four findings with seven...more

Ascension Notifies 430,000 Patients of Data Breach

Robinson+Cole Data Privacy + Security Insider on 5/16/2025

Healthcare system Ascension has notified 437,329 patients of a data breach exposing “demographic information, such as name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers, as...more

Privacy Tip #443 – Fake AI Tools Used to Install Noodlophile

Robinson+Cole Data Privacy + Security Insider on 5/15/2025

Threat actors are leveraging the publicity around AI tools to trick users into downloading the malware known as Noodlophile through social media sites. Researchers from Morphisec have observed threat actors, believed to...more

“Littlejohn Notices” Continue to Cause Big Headaches for Taxpayers

Cadwalader, Wickersham & Taft LLP on 5/1/2025

Earlier this year, the IRS confirmed that over 400,000 taxpayers were victims of IRS contractor Charles Littlejohn’s 2019 leak of taxpayer data, which is discussed here. Littlejohn stole IRS data that included taxpayers’...more

Privacy Tip #441 – Identity Theft Statistics Increasing in 2025

Robinson+Cole Data Privacy + Security Insider on 4/25/2025

Unfortunately, identity theft continues to increase, and according to Identitytheft.org, the statistics are going to get worse in 2025. Some of the statistics cited by Identitytheft.org include: 1.4 million complaints of...more

Gavel to Gavel: New additions to Oklahoma’s Security Breach Notification Act may soon become law

McAfee & Taft on 4/25/2025

As cybersecurity attacks continue to rise, the Oklahoma Legislature is taking efforts to update old laws regarding notification of security breaches. On January 14, 2025, Sen. Brent Howard and Rep. John Pfeiffer...more

Phishing Attacks – Anyone Can Get Pwned

Robinson+Cole Data Privacy + Security Insider on 3/28/2025

HaveIBeenPwned is a website that allows users to check whether their data has been involved in data breaches. The website’s creator, Troy Hunt, was the subject of a phishing attack earlier this week....more

California Cryobank Hit with Lawsuit over Sperm Donor Databank Breach

Robinson+Cole Data Privacy + Security Insider on 3/28/2025

California Cryobank, LLC, the largest sperm bank in the country, faces a lawsuit in the U.S. District Court for the Central District of California over an April 2024 data breach. Cryobank provides frozen donor sperm and...more

NY Settles With Insurer on Data Breach Rooted in Security Deficiencies

Cozen O'Connor on 3/28/2025

New York AG Letitia James settled with Root Insurance Company to resolve allegations that the company’s data security deficiencies led to a 2021 data breach involving 72,000 people, in violation of state consumer protection...more

DISA Global Faces Class Action After Cyber-Attack

Robinson+Cole Data Privacy + Security Insider on 3/7/2025

Last week, two separate class actions were filed in the federal district court for the Southern District of Texas against DISA Global Solutions (DISA), a third-party employment screening services provider, related to an April...more

A Brief Reminder About the Florida Information Protection Act

Jackson Lewis P.C. on 3/4/2025

According to one survey, Florida is fourth on the list of states with the most reported data breaches. No doubt, data breaches continue to be a significant risk for all business, large and small, across the U.S., including...more

Data breach class actions – Northern District of Georgia dismisses four substantive claims, but two survive

Kilpatrick on 2/28/2025

Takeaway: Former FBI Director Robert Mueller once famously said, “There are only two types of companies: those that have been hacked and those that will be.” These days cyberattacks seem to happen all the time. And when a...more

More Taxpayers Hit with “Littlejohn Notices”, Leaving Many Not so Merry

Cadwalader, Wickersham & Taft LLP on 2/27/2025

In April 2024, the IRS sent notices informing more than 70,000 taxpayers that their tax and personal data had been stolen in 2019 by a former IRS contractor, Charles Littlejohn. Littlejohn not only stole the data of hundreds...more

The Growing Cybersecurity Risks in the Cannabis Industry

Clark Hill PLC on 2/26/2025

Those familiar with the industry know that cannabis retailers find themselves in a unique position compared to other product retailers. Cannabis retailers face significant regulatory hurdles to their operation—particularly in...more

NewsBank Hit with Class Action over Employee Data Breach

Robinson+Cole Data Privacy + Security Insider on 2/21/2025

Last week, a class action was filed against NewsBank, Inc., a Florida-based news database company, related to a 2024 breach of employee personal information. NewsBank provides a database of archived news publications...more

Marriott Settles for $52M & Enhances Data Protections After Multi-State Investigations

Kohrman Jackson & Krantz LLP on 2/10/2025

Marriott has agreed to pay $52 million dollars and implement new consumer data protections to settle investigations by attorneys general from 49 states and the Federal Trade Commission, following data breaches that occurred...more

Privacy Tip #429 – Threat Actors Continue to Use QR Codes for Fraudulent Purposes

Robinson+Cole Data Privacy + Security Insider on 1/30/2025

We have repeatedly warned our readers about malicious QR codes and their use by threat actors. Threat actors are now using these codes to disguise packages as gifts....more

Data Privacy Day Checklist: Top 10 ways to protect your organization's data

Constangy, Brooks, Smith & Prophete, LLP on 1/27/2025

Tomorrow is International Data Privacy Day, so a happy day to all! More seriously, data privacy concerns and legislation continue to rapidly increase. It has been estimated that by the end of 2024 more than 75 percent of...more

Insider Threats: The Overlooked Risks of Departing Employees and Sensitive Data Theft

Jackson Lewis P.C. on 1/21/2025

Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive...more

Businesses Have 30 Days to Report a Security Breach of New Yorker’s Private Information

Tarter Krinsky & Drogin LLP on 1/17/2025

New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more

Data Privacy in Singapore: Case Study: Appointing a “Virtual” Data Protection Officer (DPO)

Ankura on 1/16/2025

The Personal Data Protection Commission (PDPC) of Singapore recently issued a mandate requiring all businesses operating in the country to appoint a Data Protection Officer (DPO) by September 30, 2024, and submit their...more

176 Results

/

View per page

Page: of 8

Next »