EU-wide Breach Notification Template On The Horizon
Alston & Bird writes: Read more at JDSupra.
Missouri Adopts New Data Breach Notice Law for Insurers – The 10 Things Insurers and Licensed Entities Need to Know
Fisher Phillips writes: As cybersecurity threats escalate, state legislatures across the country are tightening requirements for how insurance entities respond to data breaches – and thanks to a new law just passed several weeks ago, Missouri is getting in on the action. On July 2, Missouri’s Governor approved House Bill 974, “The Insurance Data Security […]
Kentucky AG Sues Temu for “Stealing Kentuckians’ Data”
Robinson + Cole writes: Read more at JDSupra.
Clorox lawsuit says help-desk contractors handed over passwords in 2023 cyberattack
The Record reports: Cleaning product giant Clorox has filed a lawsuit against Cognizant, a company it hired to operate its IT services call-in help desk, accusing the contractor of being directly responsible for a 2023 cyberattack that cost hundreds of millions. The case, filed on Tuesday in California Superior Court, alleges that contractors working for […]
Major Russian-language hacking forum administrator arrested; forum seized
Help Net Security reports that an alleged administrator of xss.is, a dominant Russian-speaking cybercrime forum, was arrested in Kyiv, Ukraine, on 22 July. The takedown followed a long-running investigation led by the French Police and Paris Prosecutor, in close cooperation with Ukrainian authorities and Europol. As Help Net summarizes the allegations: The forum’s administrator is […]
UK moves forward with plans for mandatory reporting of ransomware attacks
The Record reports: The British government’s proposals to overhaul its ransomware strategy reached a minor milestone on Tuesday as the Home Office published its formal response to a consultation on amending the law, but questions remain regarding how effective the measures will be. Public consultations are a regular part of the British legislative process. In […]
Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
Bloomberg reports: A Mississippi law firm is suing its cyber insurer, alleging the carrier wrongfully denied coverage for a roughly $150,000 loss stemming from an “elaborate” email scheme. Gore, Kilpatrick & Dambrino PLLC was duped into wiring funds to an account controlled by scammers posing as representatives from a company that was dissolved years earlier, […]
For the Record: Cyber Coverage “For” a Security Breach is Ambiguous under New Mexico Law
Wiley Rein explains: The New Mexico Court of Appeals has held that cyber policy language affording coverage “for” a security breach was ambiguous and must be construed broadly to provide coverage for a breach of contract claim “because of,” “resulting from,” or “on account of” a security breach. Kane ex rel. N.M. Health Connections, Inc. v. Syndicate […]
OCR Enters into Two More Settlements for Failure to Conduct Security Risk Assessments
The Office for Civil Rights (OCR) entered into two recent settlements with HIPAA covered entities alleging that they failed to conduct security risk assessments. Robinson & Cole LLP discusses the enforcement actions. Deer Oaks On July 7, 2025, OCR announced a settlement with Deer Oaks, a behavioral health provider, for alleged violations of HIPAA. The settlement resolves […]
North Dakota’s New InfoSec Requirements for Financial Corporations
Earlier this year, North Dakota’s Governor signed HB 1127, which imposes new obligations for financial corporations operating in North Dakota. The law will take effect on August 1, 2025. From JacksonLewis, an explainer on the new law’s requirements for a comprehensive, written information security programs: Read more of the required elements at Workplace Privacy, Data Management & […]