On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the healthcare sector are “emerging as one of the most significant” cybersecurity threats to healthcare organizations. The attack surface of hospitals “grows more complex” with digital

Ally Financial Inc., a digital financial services company, faces two class action lawsuits in the U.S. District Court for the Western District of North Carolina related to an April 2024 data breach. The suits allege that Ally failed to secure customers’ personal information, including Social Security and auto account numbers. One lead plaintiff claims that

Connecticut Attorney General William Tong announced on October 21, 2024, that his office has settled a data breach case against Guardian Analytics, Inc. for $500,000. The data breach affected the personal information of 157,629 Connecticut residents. The CT AG alleged that Guardian Analytics failed to implement reasonable and appropriate data security across its systems and

This week, the Federal Communications Commission (FCC) announced a data protection and cybersecurity settlement with T-Mobile, resolving the FCC’s investigations related to the data breaches suffered by T-Mobile that affected millions of consumers in 2021, 2022, and 2023.

As part of the settlement, T-Mobile has agreed to:

  • Improve the company’s cyber hygiene;
  • HealthEquity, an administrator of workplace benefits for more than 15 million people, is notifying 4.3 million individuals, starting on August 9, 2024, that their personal information was compromised. The compromised data includes names, addresses, phone numbers, employee IDs, employers, Social Security numbers, health card numbers, health plan member numbers, benefit types, dependent information, and diagnosis

    This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.

    The breaches occurred between January 2021 and January 2023. Each of these data breaches involved the exploitation of application programming

    Bleeping Computer has reported that Rite Aid has disclosed a data breach affecting 2.2 million individuals.

    According to the report, Rite Aid stated in its filing with the Maine Attorney General that “We determined by June 17, 2024, that certain data associated with the purchase or attempted purchase of specific retail products was acquired by

    Verizon’s 2024 Data Breach Report, a must-read publication, was published on May 1, 2024. The report indicates that “Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches…”

    Stolen credentials mean a user has given their username and password to a threat actor. When that

    Convergent Outsourcing Inc., a debt-collection agency, settled a data breach class action in the U.S. District Court for the Western District of Washington for $2.45 million. The class action suit against Convergent alleged that the business failed to protect the personal information of over 640,000 individuals. The breach occurred in June 2022.

    Plaintiffs alleged that