Enforcement + Litigation

Subscribe to Enforcement + Litigation via RSS

Last week, two separate class actions were filed in the federal district court for the Southern District of Texas against DISA Global Solutions (DISA), a third-party employment screening services provider, related to an April 2024 cyber-attack.

DISA provides drug and alcohol testing and background checks for employers. DISA reportedly faced a cyber-attack from February to

This post was authored by Class Action Defense team chair Wystan Ackerman and is also being shared on our Class Actions Insider blog.

Some data breach class actions settle quickly, with one of two settlement structures:

(1) a “claims made” structure, in which the total amount paid to class members who submit valid claims is

Last week, a class action was filed against NewsBank, Inc., a Florida-based news database company, related to a 2024 breach of employee personal information.

NewsBank provides a database of archived news publications utilized by libraries, higher education institutions, and other organizations. NewsBank suffered a security incident affecting its employees’ personal information between June and July

MGM Resorts agreed to pay $45 million to settle over a dozen class action lawsuits concerning 2019 and 2023 data breaches. A federal court in Nevada preliminarily approved the settlement, which, according to lawyers, covers over 37 million MGM customers.

The 2019 incident occurred when millions of customers’ names, addresses, telephone numbers, and other personal

Singapore-based Chinese video game developer Cognosphere, dba HoYoverse, known for “Genshin Impact,” a role-playing game involving collectible characters with unique fighting skills, has agreed to pay $20 million to settle Federal Trade Commission (FTC) allegations that it violated the Children’s Online Privacy Protection Act (COPPA) and deceived players about the cost of winning certain prizes.

In its continued concentration on the collection and use of consumers’ precise geolocation, on January 16, 2024, the Federal Trade Commission (FTC) settled with General Motors (GM) over allegations that it collected, used, and sold drivers’ precise geolocation and driving behavior data from millions of vehicles—data that can be used to set insurance rates—without adequately

The Federal Trade Commission (FTC) issued a proposed settlement order against GoDaddy alleging that it “has failed to implement reasonable and appropriate security measures to protect and monitor its website-hosting environments for security threats, and misled customers about the extent of its data security protections on its website hosting services.”

The proposed settlement order requires

In August 2024, the Department of Justice (DOJ) and eight states filed a civil antitrust lawsuit against RealPage Inc., alleging that its software was used to unlawfully decrease competition among landlords and maximize profits. Last week, the DOJ, now joined by ten states, filed an amended complaint alleging that landlords Greystar Real Estate Partners LLC

2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy must be at the forefront of their strategy and goals and that robust security controls are required to protect employee and consumer

American Addiction Centers Inc. faces a class action in the Middle District of Tennessee for allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to protect patient data from cyber criminals.

In September 2024, American Addiction Centers suffered a cyber-attack that led to the unauthorized access to sensitive personal information