Mikael Thalen reports: Personal information about nearly 10,000 employees and outside contractors and contributors at The Washington Post was exposed after the newspaper fell victim to a data breach. Analysis of the hacked data by Straight Arrow News indicates that high-profile individuals, including former national security advisor John Bolton, are among those affected. The Post says…
Draft UK Cyber Security and Resilience Bill Enters UK Parliament
Hunton Andrews Kurth writes: On November 12, 2025, the UK government introduced the draft Cyber Security and Resilience (Network and Information Systems) Bill (the “Bill”) to the UK Parliament. The Bill, which was originally announced in July 2024, proposes amendments to the Network and Information Systems (NIS) Regulations 2018 (the “NIS Regulations”), taking into consideration the European…
Suspected Russian hacker reportedly detained in Thailand, faces possible US extradition
Daryna Antoniuk reports: The Russian Embassy in Thailand said it is seeking access to a Russian citizen reportedly detained on the resort island of Phuket at the request of the United States over suspected cybercrimes. “At the moment, we are clarifying the circumstances of this case and working with the Thai side to arrange consular…
Did you hear the one about the ransom victim who made a ransom installment payment after they were told that it wouldn’t be accepted?
Millicom describes itself as a leading provider of fixed and mobile telecommunications services dedicated to markets in Latin America. With headquarters in Luxembourg and Florida, the company is listed on the NASDAQ stock exchange (TIGO). Through Tigo, Tigo Business, and its products and services such as Tigo Music, Tigo Sports, Tigo Money, and ONEtv, Millcom…
District of Massachusetts Allows Higher-Ed Student Data Breach Claims to Survive
Melanie A. Conroy of Pierce Atwood LLP writes: In a recent blog post, we explained how Webb v. Injured Workers Pharmacy, LLC has become a touchstone for courts analyzing Article III standing in data breach class actions, citing Shea v. American International College as a recent example. This post explores the Shea decision in greater depth. On September 5, 2025, Judge Angel…
End of the game for cybercrime infrastructure: 1025 servers taken down
A welcome press release from Europol: Between 10 and 14 November 2025, the latest phase of Operation Endgame was coordinated from Europol’s headquarters in The Hague. The actions targeted one of the biggest infostealers (Rhadamanthys), the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities…