California’s Cybersecurity Audit Rule Is Now in Effect: Its Impact for Class Litigation
The California Privacy Protection Agency’s new cybersecurity audit rule took effect on Jan. 1, 2026, obligating certain businesses to conduct and certify an annual audit covering 18 technical and organizational safeguards. While the audit report itself is not filed publicly, the certification must be submitted each calendar year. The rule is the first of its kind among general‑applicability state privacy statutes, and it is expected to become a focal point in data‑breach class‑action discovery. Plaintiffs will likely leverage audit findings to argue negligence or privacy‑law violations.
A Silent Threat, Loud Consequences: Ransom Group Hits Law Firms Hard
The Silent Ransom Group (SRG) has publicly leaked data from more than 38 U.S. law firms that refused to pay its ransom demands, indicating at least 76 firms have been targeted. Wood Smith Henning & Berman LLP (WSHB) was hit...
Booking.com Warns Customers Their Private Travel Details May Have Been Accessed by ‘Unauthorised Party’
Booking.com has warned that an unauthorized third party may have accessed customers' personal travel information. The breach notification was sent to a subset of Australian users, indicating that names, booking details and itineraries could be exposed. The company said it...
GTA-Maker Rockstar Games Hacked Again but Downplays Impact
Rockstar Games, the studio behind Grand Theft Auto, suffered a second cyber intrusion within three years, as disclosed by cybersecurity outlets on Saturday. A hacker collective claimed responsibility, posting details of the breach online. Rockstar publicly downplayed the incident, stating...
MN: Spring Lake Park Schools Closed After Suspected Ransomware Attack
Spring Lake Park School District in Minnesota shut all campuses on Monday after a suspected ransomware attack crippled its computer systems. The intrusion forced the district to suspend classes and administrative operations as a precaution while local law enforcement and...
Brockton Hospital Still Dealing with Aftermath of Ransomware Attack
Brockton Hospital is reverting to paper‑based processes for the next two weeks after a ransomware attack crippled its electronic systems. The incident, attributed to the Anubis ransomware‑as‑a‑service group, forced ambulance diversions, cancelled chemotherapy sessions and halted new prescription orders. Federal...
Silent Ransom Group Leaked Another Big Law Firm: Orrick, Herrington & Sutcliffe
The Silent Ransom Group (SRG) breached law firm Orrick, Herrington & Sutcliffe in late January 2026 and spent a week inside its network before demanding a ransom. Negotiations stretched from early February to late February, with Orrick offering a maximum...
Lotte Card Given Notice of $3M Penalty, Business Suspension over Massive Data Breach
Lotte Card has been served a notice from South Korea's Financial Supervisory Service requiring a penalty of roughly 5 billion won (about $3.38 million) and a suspension of new customer sign‑ups for more than four months. The penalties will be finalized by...
86% of Businesses Refused to Pay Cyber Ransoms in 2025 — Coalition Insurance
Coalition’s 2026 cyber claims report, covering over 100,000 policyholders in the US, Canada, UK, Australia and Germany, found that 86% of the 1,400 high‑signal ransomware claims from 2025 did not result in a ransom payment. Ransom demands surged 47% year‑over‑year,...
Capita Under Investigation After Workers Hit by Pensions Data Breach
Capita, the administrator of the UK Civil Service Pension Scheme, is under government investigation after confirming a second data breach within three years. The latest incident affected up to 138 retirees, who either received incorrect annual statements or had their...
Madras High Court Dismisses Plea By Cyber Security Expert Seeking Probe Into Star Health Security Lapses
The Madras High Court dismissed cybersecurity specialist Himanshu Pathak’s appeal seeking a multi‑ministry investigation into alleged security lapses at Star Health Insurance. While his petition was pending, Star Health suffered a cyber‑attack on October 9 2024 that exposed policyholder data. Pathak, a policyholder,...
A Hacker Has Allegedly Breached One of China’s Supercomputers and Is Attempting to Sell a Trove of Stolen Data
A hacker claims to have exfiltrated over 10 petabytes of classified data from China’s National Supercomputing Center in Tianjin, including defense documents and missile schematics. The breach allegedly spanned months and went undetected, affecting more than 6,000 clients across scientific...
OCR Releases Risk Management Video
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released a new video that explains the HIPAA Security Rule’s risk‑management requirement. The presentation, led by senior cybersecurity advisor Nicholas Heesters, expands OCR’s earlier Risk Analysis...
Hackers Steal and Leak Sensitive LAPD Police Documents
Hackers infiltrated the Los Angeles Police Department’s internal network and exfiltrated thousands of sensitive files, including officer personnel records, internal‑affairs investigations, and unredacted discovery documents. The data was posted online by the Distributed Denial of Secrets platform, which identified the...
Iowa AG Files Lawsuit Against Change Healthcare over 2024 Data Breach
Change Healthcare, a UnitedHealth Group subsidiary, faces a lawsuit filed by Iowa Attorney General Brenna Bird alleging violations of state consumer‑protection and data‑security laws. The suit stems from a February 2024 breach that went undetected for ten days, exposing Social...
