Covers the processes and legal requirements for notifying affected individuals, regulators, and stakeholders after a data breach. Articles explore notification timelines, communication templates, and compliance obligations under major privacy laws.
posts
The Clock Starts Ticking the Second You Discover a Breach In March 2024, Change Healthcare suffered a ransomware attack that exposed the protected health information of over 100 million individuals. The fallout wasn't just technical — it was a cascading failure in communication, notification, and reporting that took months
In February 2024, Change Healthcare suffered a ransomware attack that exposed the protected health information of approximately 190 million people — making it the largest healthcare data breach in U.S. history. The fallout wasn't just the breach itself. It was the weeks of confusion about who had been
In September 2023, MGM Resorts lost an estimated $100 million after a social engineering attack compromised its systems. But the financial damage from the breach itself was only part of the story. The chaos that followed — delayed notifications, regulatory scrutiny, class-action lawsuits — showed exactly what happens when an organization fumbles
In May 2023, the FTC finalized a revised Health Breach Notification Rule that expanded who must report breaches — and shortened the clock to do it. Most organizations I talk to had no idea the change happened. They found out the hard way: staring down a regulatory inquiry with no incident
The Breach Nobody Reported — Until It Was Too Late In 2020, the health insurer Anthem agreed to pay $39.5 million to settle claims with 43 state attorneys general over a 2015 data breach affecting nearly 79 million people. The breach itself was devastating. But the lawsuits and regulatory actions
The Clock Starts Ticking the Moment You Discover a Breach In December 2020, FireEye disclosed it had been breached by a sophisticated threat actor — a revelation that quickly unraveled into the massive SolarWinds supply chain compromise affecting 18,000 organizations including multiple U.S. government agencies. The question every security
In 2023, the FTC hit Fortnite maker Epic Games with a $520 million settlement — partly because of how poorly they handled children's data and privacy notifications. The breach itself was damaging. The response failures made it catastrophic. If you're reading this, you either just discovered a
