Cybersecurity

Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

July 3, 2025 By Gavin Reinke, Ashley Miller and Amanda Wellen

On June 27, 2025, the District Court for the Middle District of Florida, on remand from the Eleventh Circuit, reversed course when it denied class certification to a group of plaintiffs who were purportedly impacted by a spring 2018 cyberattack on Brinker International, Inc., the parent company of the popular chain restaurant, Chili’s. The recent […]

UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack

July 2, 2025 By Hanna Hewitt and Kelly Hagedorn

On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty followed a joint investigation with the Office of the Privacy Commissioner of Canada, highlighting how regulators are […]

Trump Administration Releases Cyber Executive Order Revealing Renewed Strategy for U.S. Cybersecurity

June 15, 2025 By Kim Peretti and Kristen Bartolotta

On June 6, 2025, President Trump issued an Executive Order (EO) on Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, amending certain prior directives established by the Biden and Obama administrations. Importantly, the administration’s new directive maintains continuity of the cybersecurity goals of prior administrations and demonstrates that cybersecurity remains a bipartisan priority. However, the […]

DOJ Settles Another False Claims Act Case for Alleged Failures in Implementing NIST SP 800-171 and Basic Cybersecurity Controls

May 28, 2025 By Kim Peretti, Andrew Liebler, Lance Taubin, Andrew Rice and Samantha Skolnick

On May 1, 2025, the U.S. Department of Justice (DOJ) announced a settlement under the False Claims Act (FCA) involving defense contractors Raytheon Company (Raytheon), RTX Corporation (RTX), and Nightwing Group—the successor owner to one of Raytheon’s cybersecurity business lines (collectively “the Companies”). The Companies agreed to pay $8.4 million to resolve allegations of noncompliance […]

UK Publishes Software Security Code

May 15, 2025 By Hanna Hewitt and Kelly Hagedorn

Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors compromising third-party software used by a significant number of customers. With that background, on May 7, 2025, the National Cyber […]