Class Action Lawsuits Emerge Following Large Job Applicant Data Breach
Description
DISA Global Solutions provides comprehensive background checks and drug testing services that help employers maintain workplace safety, ensure regulatory compliance, and manage risk through pre-employment screening programs and ongoing workforce monitoring solutions. On April 22, 2024, DISA detected a cyber incident within its network. They launched an immediate probe that determined that an unauthorized actor had gained access between February 9, 2024, and April 22, (more…)
Cybersecurity and Parking Apps – ParkMobile Settlement Offers $32 Million to Affected Users
Description
The use of parking apps has grown substantially in recent years. Parking apps also intake a great deal of personal information from drivers that use it. This makes them potential targets. March 5, 2025 was the final data to submit a claim for a share of the $32.8 million settlement involving the data breach of ParkMobile in March of 2025. ParkMobile is one of (more…)
The Cost of Neglecting Reasonable Security
Description
Regulatory agencies and courts don’t expect your organization to implement every possible security measure, but they do require you to take reasonable steps to protect your environment. A prime example is eyewear retailer Warby Parker, which was fined $1.5 million by the Department of Health and Human Services on February 20, 2025, for failing to meet security compliance standards. The imposed fine is regarding (more…)
Class Action Suit Illustrates Importance of an Incident Response Plan
Description
On January 13, 2025, Brittany Canup, a former Gas Express employee who last worked for the company in 2020, received a letter from her former employer informing her that the personal information retained by her former employer may have been compromised in a security incident that occurred on May 20, 2024, when unauthorized parties gained access to some of the company’s internal systems. According (more…)
Compromised Credential Leads to Major Educational Data Leak Powerschool
Description
K-12 schools manage vast amounts of sensitive personal information about students and educators. Many school districts utilize a cloud service provider to host this data and provide insights and analytics. PowerSchool stands as the leading provider of cloud-based education software for K-12 education in the United States, serving over 55 million students and 17,000 educational institutions across more than 90 countries. On December 28, 2024, PowerSchool (more…)
More Corporate Giants are Victims to the MOVEit Vulnerability
Description
There is an adage that says, “Old habits die hard.” Exploitable vulnerabilities die equally hard as well. It was May 28, 2023, when the MOVEit vulnerability was first identified. MOVEit is a secure Managed File Transfer (MFT) software developed by Progress Software that securely transfers files and data between servers, systems, and applications. The vulnerability known as CVE-2023-34362 allows hackers to bypass authentication on unpatched (more…)
Toymaker Settles Data Breach Class Action Suit for $500,000
Description
Squishable, a New York based company that makes cute and cuddly companion toys for children, suffered what is referred to as a Magecart attack that affected nearly 16,000 customers back in 2022. These types of attacks are carried out by injecting malicious scripts into e-commerce sites to steal payment information. In Squishable’s case, the malicious code was present on their website from May 26 to (more…)
Dental Center Agrees to Settlement of $2.7 Million for Data Breach
Description
Great Expressions Dental Centers, a Michigan-based dental service organization with nearly 300 affiliated practices across the United States, experienced a significant data breach in February 2023. The incident affected approximately 1.9 million patients and employees. Over a six-day period, an unauthorized party potentially accessed personal information of both employees and patients. For employees, the compromised data included names, Social Security numbers (SSNs), driver’s license (more…)
Multi-Vendor Vulnerability Results in Data Breach at Rackspace
Description
Rackspace is a managed cloud computing provider based in San Antonio, Texas, that offers cloud hosting, dedicated servers, and multi-cloud solutions. The company servers than 300,000 customers across the world, including two-thirds of the world’s largest public traded companies. On the morning of September 24, 2024, Rackspace fell victim to a cyberattack that exploited a zero-day vulnerability in a monitoring application provided by ScienceLogic. (more…)
Data Breach Victims Eligible for Compensation in $3.25M Settlement
Description
See Tickets, a global ticketing services company, detected suspicious activity on several of its e-commerce platforms in May of 2023. A subsequent investigation revealed that cybercriminals had injected malicious code into the company’s checkout pages. This unauthorized code enabled the attackers to capture customer information transactions processed between February 28, 2023, and July 2, 2023. The compromised data included names, addresses, zip codes, payment card (more…)
