Becker’s Hospital Review reports that the Department of Government Efficiency (DOGE) “has access to sensitive information in 19 HHS databases and systems,” according to a court filing obtained by Wired. HHS provided the information during the discovery process in the
Data Privacy + Cybersecurity Insider
Leveraging Knowledge to Manage Your Data Risks
Latest from Data Privacy + Cybersecurity Insider
Re: Watch What You Say Here
The Commercial Electronic Mail Act (CEMA) is a Washington State law that prohibits sending state residents a commercial email misrepresenting the sender’s identity. A commercial email promotes real property, goods, or services for sale or lease. A recent Washington Supreme…
FTC Settles With accessiBe For Misleading Statements About WCAG Compliance
The Federal Trade Commission (FTC) announced on April 22, 2025, that it has approved a settlement entered into a Final Order with accessiBe, which claimed its plug-in product, accessWidget, “can make any website compliant with Web Content Accessibility Guidelines (WCAG).”…
Threat Actors Use AI to Launch Identity Theft Scams
Identity theft will continue to rise in 2025. According to the Better Business Bureau of Missouri (BBB), it received over 16,000 identity theft complaints in the past three years. Scammers are “increasingly using advanced tactics such as artificial intelligence to…
Privacy Tip #441 – Identity Theft Statistics Increasing in 2025
Unfortunately, identity theft continues to increase, and according to Identitytheft.org, the statistics are going to get worse in 2025. Some of the statistics cited by Identitytheft.org include:
- 1.4 million complaints of identity theft were received by the Federal Trade
…
CISA Issues Alert on Potential Legacy Oracle Cloud Compromise
BleepingComputer has confirmed the rumor that Oracle has suffered a compromise affecting its legacy environment, including the compromise of old customer credentials (originally denied by Oracle). Oracle notified some affected clients that old legacy data from Oracle Classic (last used…
Breaches Within Breaches: Contractual Obligations After a Security Incident
We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s…
Northeast Radiology Settles with OCR
The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000.
The investigation followed a breach report by Northeast Radiology to OCR in March 2020 after…
Video Game Developer’s Website Privacy Policy Disclosure and Cookie Banner Consent Defeat Wiretap Class Action
Video game developer Ubisoft, Inc. came out on top earlier this month in the Northern District of California when a judge dismissed, with prejudice, a class action claiming that the company’s use of third-party website pixels violated privacy laws. The…
Judge Rules “Tester” Plaintiffs Cannot Bring Wiretap Claims under California Invasion of Privacy Act
In a big win for businesses, a California federal court just held that a “tester” plaintiff—someone who visits websites to initiate litigation—cannot bring a claim under the California Invasion of Privacy Act (CIPA). Rodriguez v. Autotrader.com, Inc., No. 2:24-cv-08735, 2025…