Mark Rasch writes: When something goes wrong, after exhausting all other possible alternatives, a company may go to its lawyer with the silliest question you can ever ask a lawyer — “Can I sue?” The basic answer is, “if it moves, sue it…” “If it doesn’t move… move it… then sue it…” And when asked,…
Category: Of Note
Five major changes to the regulation of cybersecurity in the UK under the Cyber Security and Resilience Bill
Mark Young & Paul Maynard of Covington and Burling write: As the UK Government has recognized, cyber incidents—such as Jaguar Land Rover, Marks and Spencer, Royal Mail and the British Library—are costing UK businesses billions annually and causing severe disruption. The Government recognizes that cybersecurity is a critical enabler of economic growth (“we cannot have growth…
From bad to worse: Doctor Alliance hacked again by same threat actor (1)
On November 12, DataBreaches reported that Doctor Alliance had allegedly been hacked by a threat actor who listed the data for sale on a clearnet forum. At the time, “Kazu” claimed to have 353 GB of data and had given Doctor Alliance a November 21 deadline to pay $200,000 or the data would be sold…
Draft UK Cyber Security and Resilience Bill Enters UK Parliament
Hunton Andrews Kurth writes: On November 12, 2025, the UK government introduced the draft Cyber Security and Resilience (Network and Information Systems) Bill (the “Bill”) to the UK Parliament. The Bill, which was originally announced in July 2024, proposes amendments to the Network and Information Systems (NIS) Regulations 2018 (the “NIS Regulations”), taking into consideration the European…
District of Massachusetts Allows Higher-Ed Student Data Breach Claims to Survive
Melanie A. Conroy of Pierce Atwood LLP writes: In a recent blog post, we explained how Webb v. Injured Workers Pharmacy, LLC has become a touchstone for courts analyzing Article III standing in data breach class actions, citing Shea v. American International College as a recent example. This post explores the Shea decision in greater depth. On September 5, 2025, Judge Angel…
End of the game for cybercrime infrastructure: 1025 servers taken down
A welcome press release from Europol: Between 10 and 14 November 2025, the latest phase of Operation Endgame was coordinated from Europol’s headquarters in The Hague. The actions targeted one of the biggest infostealers (Rhadamanthys), the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities…