In April 2025, SK Telecom—South Korea’s largest mobile carrier—formally notified regulators of a significant data breach that compromised sensitive SIM card data belonging to nearly 27 million users. Following an investigation, the Ministry of … [Read more] about Inside the SK Telecom Data Breach: What Happened and What Companies Can Learn
The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following U.S. military strikes on … [Read more] about New York Department of Health Issues Urgent Cybersecurity Warning Following U.S. Strikes on Iranian Nuclear Facilities
On June 22, 2025, Texas Governor Greg Abbott signed House Bill 149, the Texas Responsible Artificial Intelligence Governance Act (“TRAIGA”), into law. TRAIGA imposes on businesses and governmental entities obligations and prohibitions for certain … [Read more] about Texas Enacts Responsible AI Governance Act
On June 27, 2025, the District Court for the Middle District of Florida, on remand from the Eleventh Circuit, reversed course when it denied class certification to a group of plaintiffs who were purportedly impacted by a spring 2018 cyberattack on … [Read more] about Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases
On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty … [Read more] about UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack