A professional accounting firm in Illinois received an unwanted holiday “gift” in the form of a class action complaint stemming from its alleged failure to secure personally identifiable information (PII) and to timely notify affected parties of a data breach.

On December 17, 2021, a lawsuit was filed against Bansley & Kierner, LLP, which offers

A federal District Court judge in Illinois sided with the U.S. Department of Labor (DOL) in ordering Alight Solutions, LLC, an ERISA plan services provider, to comply with an administrative subpoena seeking documents pertaining to alleged cybersecurity breaches. The Court’s order in the case, Walsh v. Alight Solutions, LLC, Dkt. # 20-cv-02138 (N.D. Ill.), is

The Florida Department of Economic Opportunity (DEO) recently announced that it discovered on July 16, 2021 that its online unemployment benefit system, CONNECT was compromised, potentially affecting personal information of 57,000 accounts.

The information that may have been accessed in the incident includes individuals’ “personal details” including “social security number, driver’s license number, bank account

Mint Mobile notified a “small number” of customers last weekend that their personal information was compromised between June 8 and June 10, when a threat actor ported the phone numbers of those customers to another carrier without authorization.

According to the breach notification sent to those customers, “While we immediately took steps to reverse the

University Medical Center in Las Vegas announced that it recently became the victim of a ransomware attack by REvil, a well-known threat actor that has attacked many hospitals and health systems with the Sodinokibi malware variant.

It is being reported that during the attack, REvil was able to exfiltrate personal information that it then published

The California State Controller’s Office (SCO) was recently a victim of phishing. According to its website, an employee of the SCO’s Unclaimed Property Division clicked on a link in an email, entered their user ID and password, and unknowingly provided a hacker with access to the email account. According to the website, “SCO has

Marriott recently won dismissal of a proposed class action data breach lawsuit alleging several violations, including a violation of the California Consumer Privacy Act (CCPA). The case, Arifur Rahman v. Marriott International, Inc. et al., Case No.: 8:20-cv-00654, was dismissed in an Order by U.S. District Court Judge David O. Carter on January 12, 2021.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the parent of Excellus Health Plan, over alleged violations of HIPAA relating to a data breach that occurred from December 23, 2013 through

Ubiquiti, a manufacturer of products used for networks such as routers, webcams and mesh networks, announced this week that an unauthorized access to its systems hosted by a third-party cloud provider may have compromised customers’ name, email address and “the one-way encrypted password to your account” as well as address and telephone number if that

On December 18, seven states have entered into a settlement agreement with e-retailer Cafe-Press for $2 million stemming from a 2019 data breach that exposed information of approximately 22 million consumers. The breach affected consumers’ personal information, including usernames and passwords, Social Security numbers, and/or Taxpayer Identification numbers.

Of the $2 million, $750,000 will be