Enforcement + Litigation

Blackbaud, which suffered a data breach of its customers’ data in a ransomware attack in 2020, in which it admitted paying the ransom in a double extortion attack [view related posts], is facing multiple class action cases following the attack. The cases have been consolidated in multi-district litigation and now comprise 29 cases.

The

A fertility clinic in California cannot escape a lawsuit brought by a patient after the clinic sent private information to the individual’s entire work team.

The clinic, Lane Fertility Institute for Education and Research (Lane), emailed a client regarding an embryo transfer procedure she had undergone the prior year, seeking information about her resulting pregnancy.

This week, a North Carolina federal judge denied Filters Fast LLC’s motion to dismiss a proposed data breach class action, ruling that the plaintiffs demonstrated adequate harm to satisfy Article III standing.

The class action stems from a data breach that occurred between July 2019 and July 2020 through Filters Fast’s shopping website. Plaintiffs claim

This week, Governor Andrew Cuomo signed legislation that added text messaging to the state of New York’s definition of telemarketing communication for purposes of its no-call registry. The legislation, S.3941/A.6040, closes the loophole that previously exempted businesses from the no-call registry restrictions when the communication was sent via text. The goal is to increase protections

British Airways settled a data breach class action lawsuit this week resulting from a 2018 data breach that affected thousands of its customers.

In 2018, the personal data of approximately 420,000 customers and staff was leaked, including names, addresses, and bank account information. When U.K. regulators investigated this incident in 2018, it was reported that

This week, Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action for a data breach that allegedly compromised 3.3 million consumers’ personal information. In the U.S. District Court for the District of New Jersey, a California consumer filed a suit against the automakers on behalf of other current and prospective

Last week, Impact MHC, a Colorado-based mobile home park management company, agreed to pay $25,000 to the Colorado Attorney General’s office and implement new security measures after a data breach of more than 15,000 individuals’ personal information, including 719 Colorado residents. If Impact fails to implement such security measures (such as creating a written information

On June 3, 2021, the U.S. Supreme Court issued its first-ever interpretation of the Computer Fraud and Abuse Act (CFAA), the federal criminal and civil statute intended to deter and punish unauthorized access to computer systems. The decision in Van Buren v. United States adopts a narrow construction of a key provision of the CFAA

This week, Ancestry.com Inc. prevailed in a class action which alleged that it misappropriated consumers’ images and violated their privacy by using such data to solicit and sell their services and products. The court granted Ancestry.com’s motion to dismiss the amended complaint with prejudice because the plaintiffs “did not cure the complaint’s deficiencies” after being