Crisis & Data Breach Response

Suite Victory: Marriott Finally Checks Out of Court

June 9, 2025 By Donald Houser and Gavin Reinke

On June 3, 2025, the U.S. Court of Appeals for the Fourth Circuit issued a pivotal ruling in longstanding litigation against Marriott International, Inc., arising out of a 2018 data breach involving its Starwood Preferred Guest Program. In reversing the lower court’s grant of class certification, the Fourth Circuit determined that the customers’ contractual agreements […]

UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident

April 4, 2025 By Hanna Hewitt and Kelly Hagedorn

On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered a ransomware incident that put the personal data of 79,404 people at risk. In its penalty notice, the ICO found that Advanced failed to implement […]

UK Government Proposes Targeted Ban on Ransom Payments and Increased Ransomware Incident Reporting

February 5, 2025 By Kelly Hagedorn and Kristen Bartolotta

On January 14, 2025, the United Kingdom government published a consultation on ransomware proposing new measures to increase incident reporting and reduce ransom payments (the “Consultation”). The Consultation outlines three objectives in this regard and is open for responses until April 8, 2025. Proposal 1: Targeted Ban on Ransomware Payments The UK government is proposing […]

New York Amends Data Breach Notification Law with Immediate Implications

January 6, 2025 By Kim Peretti and Alysa Austin

In late December 2024, the New York Governor signed two bills (S2659B and S2376B) amending the state’s data breach notification law (N.Y. Gen. Bus. Law § 899-aa), to expand the definition of reportable personal information and impose new covered entity reporting obligations in the event of a data breach. Effective immediately, companies will have 30 […]