Mealey's Data Privacy
-
November 24, 2025
Federal Judge Dismisses Cybercrime Coverage Suit After Parties Reach Settlement
SEATTLE — Following a settlement that was announced in October, a federal judge in Washington dismissed with prejudice a law firm insured’s lawsuit seeking commercial cyber insurance coverage for a breach of the firm’s security measures.
-
November 24, 2025
Hanover Foods To Pay $1.15M To Settle Federal CWA Suit After U.S. Intervenes
HARRISBURG, Pa. — The owner and operator of a Pennsylvania food processing facility sued by an environmental nonprofit in federal court for allegedly violating the Clean Water Act (CWA) and its National Pollutant Discharge Elimination System (NPDES) permit by unlawfully discharging polluted industrial wastewater into a tributary of the Susquehanna River agreed to pay $1.15 million in civil penalties and implement remediation efforts to settle the claims following intervention by the United States.
-
November 21, 2025
Wis. Appeals Court: Identity Theft Threat Doesn’t Create Data Breach Suit Standing
WAUSAU, Wis. — Workers who filed a class complaint against their employer following a data breach alleged only a risk of future harm, which was insufficient to show standing for their negligence, breach of contract and other putative class claims, a Wisconsin appellate court ruled, affirming the trial court’s dismissal of the case.
-
November 21, 2025
1st Circuit Rejects Insurer’s Appeal In Health Data Breach Dispute
BOSTON — The First Circuit U.S. Court of Appeals on Nov. 20 affirmed a lower federal court’s summary judgment ruling in favor of a cybersecurity company in a lawsuit arising from a 2018 health data breach, rejecting an insurer’s argument that the lower court erred in denying it equitable indemnification from the cybersecurity company.
-
November 20, 2025
$6.4M Data Breach Settlement With Medical Equipment Vendor Given Final Approval
INDIANAPOLIS — An Indiana federal judge granted final approval and entered judgment in a data breach class action against a sleep apnea product supply company for a nonreversionary $6.38 million settlement that provides up to $2,000 per claimant and awards $1,699,212.44 in attorney fees, $39,897.57 in litigation expenses and $3,000 service awards to each of the 21 class representatives.
-
November 20, 2025
$5M Class Deal In Geisinger Data Breach Case Wins Preliminary Approval
WILLIAMSPORT, Pa. — A Pennsylvania federal judge granted conditional certification of an opt-out settlement class and preliminary approval of a $5 million deal with a Pennsylvania health care provider and its tech services vendor who were sued over a 2023 data breach.
-
November 20, 2025
$3.25 Million Settlement, Injunctive Relief Approved In Student Data Breach Case
LOS ANGELES — A California judge granted the state’s unopposed ex parte application for final judgment and a permanent injunction against a data storage provider, requiring the company to implement enhanced data security measures, undergo third-party audits for five years and pay $3.25 million in penalties after the state alleged that the provider failed to maintain data privacy safeguards that led to a 2022 breach exposing sensitive student information in at least 49 school districts.
-
November 19, 2025
Consolidated Class Suit Over College Data Breach Stayed Pending Settlement
CHATTANOOGA, Tenn. — A federal judge in Tennessee on Nov. 18 stayed a consolidated class action to allow for the finalization of a settlement in the case filed against Lee University after its system containing personally identifiable information (PII) of students and prospective students was hacked.
-
November 19, 2025
3rd Circuit Agrees Data Transmitted To Facebook By Quest Wasn’t Medical
PHILADELPHIA — A trial court correctly dismissed a putative class complaint accusing Quest Diagnostics Inc. of violating two California laws by transmitting users’ browsing data to Facebook as “none of that data was substantive medical information,” a Third Circuit U.S. Court of Appeals panel ruled in a nonprecedential opinion.
-
November 19, 2025
Verizon Seeks U.S. Supreme Court Review Of FCC Forfeiture Order, $46.9M Penalty
WASHINGTON, D.C. — Verizon Communications Inc. filed a petition for writ of certiorari in the U.S. Supreme Court seeking review of a Second Circuit U.S. Court of Appeals ruling denying review of a Federal Communications Commission forfeiture order imposing a $46.9 million penalty for violating the Communications Act and related regulations regarding Verizon’s alleged failure to safeguard certain customer proprietary network information.
-
November 18, 2025
Stay Denied Due To No Irreparable Injury Showing In Centralized Database Case
WASHINGTON, D.C. — A federal judge in the District of Columbia in a Nov. 17 opinion noted doubt about “the lawfulness of” the federal government’s centralized database of Americans’ personal data but denied a motion for a stay filed by several nonprofits and individuals based on the failure to demonstrate irreparable injury as the database changes have already been made.
-
November 18, 2025
N.C. Judge Approves $2.45M Website Tracking Software Settlement With Health System
RALEIGH, N.C. — A North Carolina state court judge on Nov. 17 approved a class action settlement between patients and former patients of a hospital system and the hospital system in a suit asserting that software on the hospital’s website captured their information and sent it to Facebook without their consent, finding that the $2.45 million settlement “is fair, reasonable, adequate, and in the best interest of the settlement class.”
-
November 18, 2025
Texas Dental Practice Will Pay $1M To End Patients’ Data Breach Class Suit
AMARILLO, Texas — A Texas-based dental and orthodontic care practice accused of failing to protect the personally identifiable information (PII) and private health information (PHI) of more than 3,800 patients will pay $1 million to settle two patients’ class action complaint, according to a final settlement approval signed by a judge in Texas.
-
November 14, 2025
‘Opt-Outs’ From $95 Million Siri Eavesdropping Settlement Appeal To 9th Circuit
OAKLAND, Calif. — Nearly 13,000 purported class members and objectors who allegedly opted out of a $95 million settlement of a 6-year-old class action accusing Apple Inc. of collecting unauthorized recordings of Apple device users via its Siri digital assistant filed notice in California federal court that they will appeal the court’s final approval of the settlement to the Ninth Circuit U.S. Court of Appeals.
-
November 13, 2025
Judge Issues $4.4 Million Final Judgment In Meta Fraud Suit Against Spyware Firm
OAKLAND, Calif. — A California federal judge on Nov. 12 issued a final judgment of $4,447,190 in favor of WhatsApp Inc. (now known as WhatsApp LLC) and its parent company Facebook Inc. (now known as Meta Platforms Inc.) and against NSO Group Technologies Ltd. and its parent company after a jury found that the defendants violated a California computer fraud law in a suit accusing the defendants of acquiring unauthorized access to individuals’ WhatsApp accounts.
-
November 12, 2025
Panel Affirms Denial Of Motion For Surveillance, GPS Evidence In Drug Arrest Appeal
MIAMI — An 11th Circuit U.S. Court of Appeals panel affirmed a lower court judge’s denial of a defendant’s motion to compel production of evidence that was the basis for a search warrant of his home, comprising audio/video surveillance, GPS data and the identity of a confidential informant, finding that the defendant failed to show on appeal the evidence sought was material and that he “only speculated that the evidence would be exculpatory.”
-
November 12, 2025
University Of Pennsylvania Alumna Files Class Suit Following Data Breach
PHILADELPHIA — The University of Pennsylvania (UPenn) failed to protect its network containing personally identifiable information (PII) of students, alumni, faculty and donors, resulting in cybercriminals obtaining access to the university’s systems and sending “‘a series of mass emails’” to more than 700,000 people that were critical of the university’s security practices and institutional culture, a UPenn alumna alleges in a putative class complaint filed against the school’s trustees in a federal court in Pennsylvania.
-
November 11, 2025
Consolidation Of 13 Data Breach Class Action Cases Granted, Interim Counsel OK’d
MILWAUKEE — A Wisconsin federal judge consolidated 13 class action lawsuits against a corporation over a 2023 data breach that exposed personal information of its employees and clients; the judge additionally granted the consolidated plaintiffs’ request to appoint interim co-lead class counsel and an executive committee to oversee the coordinated litigation.
-
November 10, 2025
Government Gets OK For Amicus Argument In High Court Subpoena Case
WASHINGTON, D.C. — In its Nov. 10 order list, the U.S. Supreme Court granted a motion by the U.S. Solicitor General to participate as amicus curiae and for divided oral argument on Dec. 2 in a dispute concerning a non-self-executing subpoena for information including the identity of pregnancy center donors.
-
November 07, 2025
Federal Judge Grants Final Approval Of $1.35M Settlement Of Data Breach Suit
BALTIMORE — A Maryland federal judge granted final approval of a $1.35 million settlement of negligence, contractual and other claims in a consolidated lawsuit brought against a health care provider following a 2023 data breach, holding that the “settlement is fair, reasonable, and adequate” and satisfies the requirements of Federal Rule of Civil Procedure 23.
-
November 07, 2025
Election Watchdogs Urge Supreme Court Review Of Voter Data Access Dispute
WASHINGTON, D.C. — Election integrity advocacy groups filed amicus curiae briefs urging the U.S. Supreme Court to review a Third Circuit U.S. Court of Appeals ruling that vacated a lower court’s order and dismissed for lack of standing a suit seeking disclosure of voter record data under the National Voter Registration Act (NVRA), arguing that the case tests whether denial of access to legally required public information can constitute an injury sufficient to establish standing under Article III of the U.S. Constitution.
-
November 06, 2025
Ransomware Data Breach Class Suit Resolved With $1.9M Settlement
MINNEAPOLIS — A Minnesota federal judge entered judgment after granting final approval to a $1.9 million settlement resolving class claims including for violation of California’s unfair competition law (UCL) against a data hosting vendor on behalf of individuals whose personal data was hacked during a ransomware attack on the vendor’s accounting and health care customers, with the plaintiffs’ counsel awarded more than $633,000 in attorney fees.
-
November 05, 2025
Health Care Data Breach Settlement Giving Up To $5,000 Per Claimant Wins Approval
NASHVILLE, Tenn. — A federal judge in Tennessee has determined that a settlement of class claims over a health care provider’s 2023 data security incident is “fair, reasonable, and adequate,” making official the judge’s prior ruling that granted preliminary approval to an agreement that provides payments of up to $5,000 for each claimant in the settlement class. The judge also approved attorney fees and expenses totaling $3.1 million.
-
November 04, 2025
Judge Dismisses Coverage Suit Over Claims Dental Office Violated Privacy Rights
CHICAGO — Four days after a commercial general liability insurer filed a notice of voluntary dismissal, a federal judge in Illinois on Nov. 3 dismissed without prejudice the insurer’s lawsuit seeking a declaration that it has no duty to defend or indemnify for an underlying putative class action alleging that its dental office insured violated privacy rights through its use of internet tracking that collected private information without notice and without consent.
-
November 04, 2025
California, Sling TV Settle Action Alleging Violations Of Data Privacy Laws
LOS ANGELES — California Attorney General Rob Bonta announced a settlement between the state of California and streaming service Sling TV LLC in an action alleging that the streaming service violated the California Consumer Privacy Act (CCPA) by not providing easy-to-use opt-out methods for consumers who choose to stop the sale of their personal information and not providing sufficient privacy protections for children.