Alston & Bird Privacy, Cyber & Data Strategy Blog

Suite Victory: Marriott Finally Checks Out of Court

June 9, 2025 By Donald Houser, Gavin Reinke and Nicole Weeks

On June 3, 2025, the U.S. Court of Appeals for the Fourth Circuit issued a pivotal ruling in longstanding litigation against Marriott International, Inc., arising out of a 2018 data breach involving its Starwood Preferred Guest Program. In reversing the lower court’s grant of class certification, the Fourth Circuit determined that the customers’ contractual agreements with Marriott included enforceable class action waivers and that those waivers applied to bar all asserted claims. This … [Read more] about Suite Victory: Marriott Finally Checks Out of Court

European Vulnerability Database Published by the European Union Agency for Cybersecurity

June 2, 2025 By Hanna Hewitt and Kelly Hagedorn

The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a tool designed to enhance digital security across the EU. The EUVD is available here. ENISA created the EUVD under the Network and … [Read more] about European Vulnerability Database Published by the European Union Agency for Cybersecurity

DOJ Settles Another False Claims Act Case for Alleged Failures in Implementing NIST SP 800-171 and Basic Cybersecurity Controls

May 28, 2025 By Kim Peretti, Andrew Liebler, Lance Taubin, Andrew Rice and Samantha Skolnick

On May 1, 2025, the U.S. Department of Justice (DOJ) announced a settlement under the False Claims Act (FCA) involving defense contractors Raytheon Company (Raytheon), RTX Corporation (RTX), and Nightwing Group—the successor owner to one of … [Read more] about DOJ Settles Another False Claims Act Case for Alleged Failures in Implementing NIST SP 800-171 and Basic Cybersecurity Controls

UK Publishes Software Security Code

May 15, 2025 By Hanna Hewitt and Kelly Hagedorn

Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors compromising third-party … [Read more] about UK Publishes Software Security Code

Texas AG Secures $1.375 Billion from Google: Key Takeaways for Companies Collecting Consumer Data

May 14, 2025 By Alex Brown and Zain Haq

On May 9, 2025, the Texas Attorney General Ken Paxton announced a $1.375 billion settlement with Google—by far the largest state-level privacy settlement reached against Google to date. The settlement resolves lawsuits filed in 2022 alleging that … [Read more] about Texas AG Secures $1.375 Billion from Google: Key Takeaways for Companies Collecting Consumer Data