On January 16, 2025, the Federal Trade Commission (FTC) issued a press release stating, “The updated [Children’s Online Privacy Protection Act (COPPA)] rule strengthens key protections for kids’ privacy online. By requiring parents to opt [into] targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetizing children’s data without active
Personal Identifiable Information
Ascension Health Notifying 5.6 Million of Data Breach
We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states.
On December 20, 2024, Ascension notified the Maine Attorney General in a regulatory filing that the attack compromised the personal information of 5.6 million individuals. According to Ascension, the incident occurred on…
Rhysida Hits American Addiction Centers + Publishes 2.8TB of Data
American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26, 2024, and the notification letter to affected individuals confirmed that the information exfiltrated included names, Social Security numbers, and health insurance information. AAC is offering…
Colorado Amends its Consumer Privacy Rights Act
After the conclusion of the public comment period earlier this month, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA). The Act grants rights to Colorado consumers concerning their personal information, including the right to access, delete, and correct their personal data as well as the right to opt out of…
Marriott and Starwood Settle on Consent Agreement with FTC for Data Breaches
This week, Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC (collectively, Marriott) agreed to settle on the terms of a settlement order with the Federal Trade Commission (FTC) for its alleged failures to implement reasonable security measures which in turn led to three data breaches between 2014 and 2020, affecting over…