What do a global sportswear giant and a prestigious medical center have in common? Apparently, a shared struggle defending data breach lawsuits for breaches of sensitive personal information caused by third-party vendors. 

This week, Adidas America and the University of Chicago Medical Center found themselves on the receiving end of data breach lawsuits. The plaintiffs

On May 21, 2025, the Federal Trade Commission (FTC) finalized its order with GoDaddy over allegations that GoDaddy “failed to implement standard data security tools and practices to protect customers’ websites and data.” In a Complaint filed against GoDaddy in January 2025, the FTC alleged that the company had “failed to implement reasonable and appropriate

Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been filed in federal courts in Tennessee and Pennsylvania, alleging the company failed to secure and protect patient data properly.

The lawsuits claim Chord Dental

AI service provider Serviceaide Inc. faces two proposed class action lawsuits from a data breach tied to Catholic Health System Inc., a nonprofit hospital network in Buffalo, New York. The breach reportedly exposed the personal information of over 480,000 individuals, including patients and employees.

Filed in the U.S. District Court for the Northern District of

Healthcare system Ascension has notified 437,329 patients of a data breach exposing “demographic information, such as name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers, as well as clinical information related to an inpatient visit.”

Ascension indicated that the incident occurred when it “inadvertently disclosed information to a former

BleepingComputer has confirmed the rumor that Oracle has suffered a compromise affecting its legacy environment, including the compromise of old customer credentials (originally denied by Oracle). Oracle notified some affected clients that old legacy data from Oracle Classic (last used in 2017) was involved in the incident. BleepingComputer has reportedly had direct contact with the

We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s April 2025 complaint against its managed services provider for its alleged failure to satisfy its

The Stram Center for Integrative Medicine in New York recently reported a security incident where an employee misused a patient’s payment card information. Although only one patient’s card was directly misused, a subsequent breach report to the U.S. Department of Health and Human Services Office for Civil Rights indicates that the incident potentially compromised the

Last week, we explored a recent data breach class action and the litigation risk of such lawsuits. Companies need to be aware of litigation risk not only arising from data breaches, but also from shareholder class actions related to privacy concerns.

On March 5, 2025, a class action securities lawsuit was filed against AppLovin Corporation