Legal Fallout Mounts with Class Action Lawsuit Filed Over Oracle Data Breach
Description
On March 21, 2025, a security research team identified a threat actor who claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants. The breach took place in January of 2025 and was facilitated through a Java vulnerability that allowed the attacker to deploy malware targeting Oracle’s Identity Manager database. The attacker was then able to exfiltrate authentication information including usernames, (more…)
NY AG’s Lawsuit A Wake-Up Call for Insurance Companies
Description
The New York Attorney filed a lawsuit against multiple insurance companies that allegedly failed to protect the personal information of New York drivers from being compromised in cyberattacks. The timeline of the events involving the breach incidents is as follows:
- August 2020 – The first attack against the National General insurance company
- October 2020 – A second attack takes place
- November 2020 – The (more…)
Class Action Lawsuits Emerge Following Large Job Applicant Data Breach
Description
DISA Global Solutions provides comprehensive background checks and drug testing services that help employers maintain workplace safety, ensure regulatory compliance, and manage risk through pre-employment screening programs and ongoing workforce monitoring solutions. On April 22, 2024, DISA detected a cyber incident within its network. They launched an immediate probe that determined that an unauthorized actor had gained access between February 9, 2024, and April 22, (more…)
Cybersecurity and Parking Apps – ParkMobile Settlement Offers $32 Million to Affected Users
Description
The use of parking apps has grown substantially in recent years. Parking apps also intake a great deal of personal information from drivers that use it. This makes them potential targets. March 5, 2025 was the final data to submit a claim for a share of the $32.8 million settlement involving the data breach of ParkMobile in March of 2025. ParkMobile is one of (more…)
The Cost of Neglecting Reasonable Security
Description
Regulatory agencies and courts don’t expect your organization to implement every possible security measure, but they do require you to take reasonable steps to protect your environment. A prime example is eyewear retailer Warby Parker, which was fined $1.5 million by the Department of Health and Human Services on February 20, 2025, for failing to meet security compliance standards. The imposed fine is regarding (more…)
Class Action Suit Illustrates Importance of an Incident Response Plan
Description
On January 13, 2025, Brittany Canup, a former Gas Express employee who last worked for the company in 2020, received a letter from her former employer informing her that the personal information retained by her former employer may have been compromised in a security incident that occurred on May 20, 2024, when unauthorized parties gained access to some of the company’s internal systems. According (more…)
Why Every Organization Needs an Effective Incident Response Plan (IRP)
The Strategic Edge: Why Every Organization Needs an Effective Incident Response Plan (IRP)
There is no doubt that the threat landscape has greatly expanded in recent years. According to the Identity Theft Resource Center 2023 Data Breach Report, 2023 saw a 72% increase in data breaches since 2021. Seventy-five percent of security professionals report seeing an uptick in attacks over the past year, with (more…)
Meal Delivery Service Hit by Multiple Lawsuits Concerning Data Breach
Description
PurFoods, the parent company of Mom’s Meals, which delivers ready-to-eat meals across the US, faced a new lawsuit in November regarding a cyberattack between January 16 and February 22, 2023. Filed in South Carolina, this lawsuit joins other similar suits accusing the company of negligence leading to (more…)