The SafePay ransomware group has been active since fall 2024 and has increased its activity this spring and summer. According to NCC Group, SafePay hit the most victims of any threat actor in May 2025—it is linked to 248
Data Privacy + Cybersecurity Insider
Leveraging Knowledge to Manage Your Data Risks
Latest from Data Privacy + Cybersecurity Insider
Block Inc: CEMA’s Reach Beyond the SMS Sender
On June 30, 2025, Block, Inc.—an electronic financial services company that operates Cash App—entered into a proposed settlement with customers regarding unsolicited text messages from the company. The dispute stemmed from a marketing campaign that allowed Cash App users to…
Etsy Sued Over Pixel Trackers: What It Means for Your Business
If you’ve ever browsed Etsy looking for a handmade candle or a quirky T-shirt, you might have unknowingly shared more than just your shopping preferences. A new lawsuit filed last week in California claims that Etsy has been quietly allowing…
Supreme Court Upholds Texas Age-Verification Law, Raising LGBTQ+ Privacy Concerns
This post was authored by William Ollayos, Summer Associate. William is not admitted to practice law.
On June 27, 2025, the U.S. Supreme Court upheld a Texas law requiring pornography websites to verify users’ ages through government-issued ID. The 6–3…
OCR Enters into Two More Settlements for Failure to Conduct Security Risk Assessments
The Office for Civil Rights (OCR) entered into two recent settlements with covered entities alleging that they failed to conduct security risk assessments. The settlements indicate that OCR will continue to aggressively regulate potential violations of the Health Insurance Portability and…
Mastering Information Governance with the ARMA IGIM 2.1 Framework – Part 3: Operationalizing the Framework
Last week, we outlined the building blocks for a strong IG program. Now that you’ve laid the groundwork, it’s time to bring your IG program to life. The ARMA IGIM framework emphasizes operational execution in three key areas:
…
Privacy Tip #450 – Old Routers Pose Security Risk
The Federal Bureau of Investigation (FBI) recently issued a public service announcement “to inform individuals and businesses about proxy services taking advantage of end of life routers susceptible to vulnerabilities.” When technology reaches its end of life, the manufacturer no…
Google Releases June Security Bulletin for Android Devices to Fix Vulnerabilities
Google recently issued its June Android Security Bulletin that is designed to patch 34 vulnerabilities, all of which Google designates as high-severity defects. The most serious flaw the patch is designed to fix in the Android system would allow threat…
Adidas and UChicago Sued Over Data Breaches Caused by Third-Party Vendors
What do a global sportswear giant and a prestigious medical center have in common? Apparently, a shared struggle defending data breach lawsuits for breaches of sensitive personal information caused by third-party vendors.
This week, Adidas America and the University of…
TikTok’s Motion to Dismiss Denied by NY State Court
New York Attorney General Letitia James and 13 other Attorneys General filed suit in October 2024 against TikTok “for misleading the public about the safety of its platform and harming young people’s mental health.” TikTok moved to dismiss the case…