What do a global sportswear giant and a prestigious medical center have in common? Apparently, a shared struggle defending data breach lawsuits for breaches of sensitive personal information caused by third-party vendors....more
CYBERSECURITY - U.S. Retailers Bracing for Scattered Spider Attacks - Google sent out a warning that the cybercriminal group Scattered Spider is targeting U.S.-based retailers. Scattered Spider is believed to have been...more
5/30/2025
/ Artificial Intelligence ,
CIPA ,
Class Action ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Privacy Laws ,
Ransomware ,
State Data Privacy Laws ,
Web Tracking
Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been...more
5/23/2025
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dental Practice ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personal Information ,
Privacy Laws
California Cryobank, LLC, the largest sperm bank in the country, faces a lawsuit in the U.S. District Court for the Central District of California over an April 2024 data breach. Cryobank provides frozen donor sperm and...more
Last week, a class action was filed against NewsBank, Inc., a Florida-based news database company, related to a 2024 breach of employee personal information.
NewsBank provides a database of archived news publications...more
2/21/2025
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Identity Theft ,
Personal Data ,
Personal Information ,
Privacy Laws
Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This...more
1/31/2025
/ Automotive Industry ,
Connected Cars ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Hackers ,
Manufacturers
TikTok users are seeking alternate platforms to share and view content as the U.S. is set to ban the popular social media app on January 19, 2025. Instead of turning to U.S.-based companies like Facebook or Instagram, users...more
At the close of 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (the Proposed Rule) to amend the Security Rule regulations established...more
American Addiction Centers Inc. faces a class action in the Middle District of Tennessee for allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to protect patient data from...more
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy...more
1/3/2025
/ Biometric Information ,
Class Action ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
FCC ,
Fines ,
Personal Data ,
Ransomware ,
Regulatory Oversight ,
Settlement
The Consumer Financial Protection Bureau (CFPB) announced this week that it intends to increase the scrutiny on data brokers to better protect service members, law enforcement officials, domestic violence victims, senior...more
During the California Privacy Protection Agency’s (CPPA) meeting on November 8, 2024, it voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. The CPPA’s rulemaking related...more
Oak Valley Hospital, located in Oakdale, California, reached a settlement in a class action related to a 2023 data breach. On July 18, 2023, Oak Valley detected suspicious activity on its IT systems. Pursuant to the forensic...more
Elemetal LLC faces a data breach class action resulting from its alleged failure to implement appropriate security measures, which led to a 2023 breach of approximately 13,000 customers’ personal information. Elemetal is a...more
This week, the Securities and Exchange Commission (SEC) charged four public companies for alleged deceptive cyber disclosures: Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited....more
This week, Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC (collectively, Marriott) agreed to settle on the terms of a settlement order with the Federal Trade Commission (FTC) for its...more
Last week, the Federal Communications Commission (FCC) announced a data protection and cybersecurity settlement with T-Mobile, resolving the FCC’s investigations related to the data breaches suffered by T-Mobile that affected...more
The recent enforcement activities of the newest federal strike force serve as a warning to U.S. manufacturers and other businesses involved in the export of products that the government is doubling down on prosecuting trade...more
9/27/2024
/ Compliance ,
Criminal Prosecution ,
Cybersecurity ,
DOJ Strike Force ,
Economic Sanctions ,
Enforcement Actions ,
Export Control Reform Act (ECRA) ,
Export Controls ,
Exporters ,
Exports ,
Indictments ,
Manufacturers ,
Popular ,
Technology
Last week, the U.S. Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) that would require a Cybersecurity Maturity Model Certification (CMMC) program to become...more
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the...more
Last month, multiple car dealerships and auto repair shops filed federal lawsuits against CDK Global LLC, a technology company providing software to the automotive, heavy truck, recreation, and heavy equipment industries, as...more
CYBERSECURITY -
CISA Issues Advisory on Black Basta Ransomware -
On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates “that...more
5/17/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
NIST ,
Ransomware ,
Risk Mitigation
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/13/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Reform ,
Snapchat ,
Surveillance ,
TikTok
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/10/2024
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Social Media
CYBERSECURITY -
CISA + Partners Issue Alert for Protection of Water Systems, Dams, Energy + Food + Ag -
In response to the growing threat by pro-Russia hacktivists, on May 1, 2023, CISA and other national agency...more
5/3/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Location Data ,
OCR