Alston & Bird Privacy, Cyber & Data Strategy Blog

Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

July 3, 2025 By Gavin Reinke, Ashley Miller and Amanda Wellen

On June 27, 2025, the District Court for the Middle District of Florida, on remand from the Eleventh Circuit, reversed course when it denied class certification to a group of plaintiffs who were purportedly impacted by a spring 2018 cyberattack on Brinker International, Inc., the parent company of the popular chain restaurant, Chili’s. The recent class certification order followed a lengthy procedural history going all the way back to 2021, when the District Court issued an order granting the … [Read more] about Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack

July 2, 2025 By Hanna Hewitt and Kelly Hagedorn

On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty … [Read more] about UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack

NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict

June 27, 2025 By Kim Peretti and Zain Haq

Overview On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light of heightened … [Read more] about NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict

Are You Ready For The Department Of Justice’s Bulk Data Transfer Rule?

June 23, 2025 By Kim Peretti, Daniel Felz and Scott Hilsen

On July 8, 2025, the Department of Justice (“DOJ”) is set to lift its self-imposed pause on enforcing certain violations of its Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered … [Read more] about Are You Ready For The Department Of Justice’s Bulk Data Transfer Rule?

Trump Administration Releases Cyber Executive Order Revealing Renewed Strategy for U.S. Cybersecurity

June 15, 2025 By Kim Peretti and Kristen Bartolotta

On June 6, 2025, President Trump issued an Executive Order (EO) on Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, amending certain prior directives established by the Biden and Obama administrations. Importantly, the … [Read more] about Trump Administration Releases Cyber Executive Order Revealing Renewed Strategy for U.S. Cybersecurity