BleepingComputer has confirmed the rumor that Oracle has suffered a compromise affecting its legacy environment, including the compromise of old customer credentials (originally denied by Oracle). Oracle notified some affected clients that old legacy data from Oracle Classic (last used in 2017) was involved in the incident. BleepingComputer has reportedly had direct contact with the
Data Breach
Breaches Within Breaches: Contractual Obligations After a Security Incident
We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s April 2025 complaint against its managed services provider for its alleged failure to satisfy its…
Pennsylvania Teacher’s Union Faces Class Action over Data Breach
The Pennsylvania State Education Association (PSEA) faces a class action resulting from a July 2024 data breach. The proposed class consists of current and former members of the union as well as PSEA employees and their family members. The lawsuit alleges that the union was negligent and breached its fiduciary duty when it suffered a…
Insider Threats: Potential Signs and Security Tips
The Stram Center for Integrative Medicine in New York recently reported a security incident where an employee misused a patient’s payment card information. Although only one patient’s card was directly misused, a subsequent breach report to the U.S. Department of Health and Human Services Office for Civil Rights indicates that the incident potentially compromised the…
AppLovin & Its AI: A Lesson in Accuracy
Last week, we explored a recent data breach class action and the litigation risk of such lawsuits. Companies need to be aware of litigation risk not only arising from data breaches, but also from shareholder class actions related to privacy concerns.
On March 5, 2025, a class action securities lawsuit was filed against AppLovin Corporation…
NewsBank Hit with Class Action over Employee Data Breach
Last week, a class action was filed against NewsBank, Inc., a Florida-based news database company, related to a 2024 breach of employee personal information.
NewsBank provides a database of archived news publications utilized by libraries, higher education institutions, and other organizations. NewsBank suffered a security incident affecting its employees’ personal information between June and July…
Privacy Tip #430 – GrubHub Confirms Security Incident Through Third Party Vendor
If you are a GrubHub customer, read carefully. The app has confirmed a security incident involving a third-party vendor that allowed an unauthorized threat actor to access user contact information, including some customer names, email addresses, telephone numbers, and partial payment information for a subset of campus diners.
GrubHub’s response states, “The unauthorized party also…
Ascension Health Notifying 5.6 Million of Data Breach
We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states.
On December 20, 2024, Ascension notified the Maine Attorney General in a regulatory filing that the attack compromised the personal information of 5.6 million individuals. According to Ascension, the incident occurred on…
Rhysida Hits American Addiction Centers + Publishes 2.8TB of Data
American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26, 2024, and the notification letter to affected individuals confirmed that the information exfiltrated included names, Social Security numbers, and health insurance information. AAC is offering…
A Year in Privacy and Security: Privacy Violations, Large-Scale Data Breaches, and Big Fines and Settlements
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy must be at the forefront of their strategy and goals and that robust security controls are required to protect employee and consumer…