Skip to main content
  1. Cyber attacks, data breaches and litigat...

Data and cyber

Cyber attacks, data breaches and litigation

We advise on the largest and most complex data crises, and are one of only a handful of firms in the world to have managed a major data breach since the advent of the EU’s General Data Protection Regulation (GDPR).

This experience gives us unrivalled insight into how regulators think, what they look for in their investigations, how they calculate fines and what remediation measures they expect.

Our global team of data attorneys, litigators and investigations lawyers know how to respond to an attack in a way that will manage your exposure, position you to defend follow-on litigation and help you quickly rebuild consumer and stakeholder trust.

We track data privacy developments globally - including the strength of different authorities’ statutory powers, their likelihood of taking action and the associated class action risk – so when you suffer a breach we can immediately pinpoint where you need to focus your energy.

Our cyber attacks, data breaches and litigation insights

Blogs

Building Your Company’s AI Governance Framework

The use of AI has grown rapidly, from simplistic chatbots to sophisticated conversationalists that are close to passing the Turing test of whether a machine can engage in a conversation with a human…

Author(s): Rikki Haria, Theresa Ehlen, Christine Lyon, Jeanne Queneudec, Edward Dean, Christine Chong, Laura Llangozi

  • ai
  • consumer
  • corporate
  • cyber security
  • data protection
  • employment
  • eu ai act
  • europe
  • innovation
  • intellectual property
  • tech media and telecoms

The 'lead claimant' model - the future for data privacy mass claims?

The Supreme Court’s ruling in Lloyd v Google (on which we have previously blogged), coupled with the vast upfront costs of bringing claims via a group litigation order (GLO), is leading claimant law…

Author(s): Cat Greenwood-Smith, Charlie Fisher

  • data
  • data protection
  • cyber security
  • litigation

Clarification of requirements for claiming damages following cyberattacks under the GDPR

Cyberattacks present a multi-faceted challenge for organisations around the world. Beyond the immediate burden of handling the attack itself, the aftermath can be of even greater concern. Not only do…

Author(s): Christoph Werkmeister, Martin Mekat, Rhodri Thomas, Dawid Ligocki, Hanna Hoffmann, Christian Sosna

  • cyber security
  • data
  • data protection
  • gdpr
  • litigation

China’s CAC clarifies cybersecurity incident reporting obligations

The Cyberspace Administration of China ('CAC') has released draft measures that would require many cyber and data security incidents in China to be reported within one hour. The draft ‘Measures for…

Author(s): Richard Bird, Fan Li

  • asia-pacific
  • cyber security
  • data protection
  • data
  • regulatory
  • tech media and telecoms

Data localisation in Vietnam – Highlights under Decree 53 and Decree 13

Discussions on data localisation in Vietnam have been in vogue since the issuance of Law No. 24/2018/QH14 on cybersecurity (the ‘Cybersecurity Law’) in 2018. After much anticipation, Decree…

Author(s): Ngan Anh Phan, Tony Foster

  • asia-pacific
  • data
  • regulatory
  • tech media and telecoms
  • cyber security

The California Privacy Protection Agency Releases a First Draft of Automated Decisionmaking Opt-Out and Access Regulations

The California Privacy Protection Agency (CPPA) has been steadily making strides to progress rulemaking under the California Consumer Privacy Act (CCPA) on requirements for cybersecurity audits, risk…

Author(s): Christine Lyon, Christine Chong

  • ai
  • cyber security
  • data
  • data protection

Data Trends 2024

This week Freshfields published an annual review of the top trends we expect to impact the data landscape in 2024 and beyond. They have been identified by international specialists from across our…

Author(s): Christine Lyon, Giles Pratt, Christoph Werkmeister

  • ai
  • data
  • data protection
  • europe
  • global
  • gdpr
  • ico
  • intellectual property
  • internet of things
  • tech media and telecoms
  • us
  • asia-pacific
  • americas
  • cyber security
  • eu data act
  • eu data governance act
  • eu digital markets act
  • eu digital services act
  • eu digital strategy

Data Privacy Litigation: theft of sensitive personal data not sufficient for GDPR non-material damages

Data privacy litigation landscape  Non-material damages claims based on (alleged) violations of the General Data Protection Regulation (GDPR) are increasingly being brought before courts across the…

Author(s): Martin Mekat, Christoph Werkmeister, Dawid Ligocki, Christian Sosna

  • data protection
  • cyber security
  • data
  • gdpr
  • litigation
  • tech media and telecoms

MiCA & DORA ante portas – Germany clarifies application of EU Regulations

The Markets in Crypto-Assets Regulation (MiCA) will apply from 30 December 2024 (except for the provisions on e-money tokens and asset-referenced tokens, which will apply from 30 June 2024). As an EU…

Author(s): Janina Heinz, Daniel Klingenbrunn

  • blockchain
  • cryptocurrency
  • cyber security
  • data
  • europe
  • financial institutions
  • fintech
  • regulatory

Ransomware victims beware: UK & US tackle ransomware with first multilateral sanctions and UK victims’ reporting guidance

The coordinated designation of individuals under both the UK and US cyber sanctions regimes, in an effort to combat ransomware attacks, highlights the importance for the victims of ransomware attacks…

Author(s): Hannah Walker Gore, Andrew Bulovsky, Katie Palms, Stephanie Brown Cripps

  • uk
  • sanctions
  • cyber security
  • us

And we’re off!: Updated California Consumer Privacy Act regulations near the finish line, with invitations to comment on further rulemaking

The California Privacy Rights Act (CPRA) significantly expanded the California Consumer Privacy Act (CCPA) as of January 1, 2023, but companies are still awaiting the updated regulations. On Friday,…

Author(s): Christine Lyon, Christine Chong

  • cyber security
  • data
  • data protection
  • consumer

Security vs. convenience: EBA clarifies application of Strong Customer Authentication for Digital Wallets

It's been a while since strong customer authentication (SCA) has been in the spotlight. For those who do not immediately remember what SCA is about: the rules for SCA aim to reduce fraud and make…

Author(s): Alicia Hildner, Daniel Klingenbrunn

  • sca
  • digitalwallet
  • 2fa
  • tokenisation
  • psd2
  • psd3
  • cyber security
  • digital payment
  • e-commerce
  • fintech
  • regulatory

Naming and shaming? The UK ICO is now naming most organisations it investigates

In recent months the UK’s data protection authority, the Information Commissioner’s Office (ICO), has begun publishing data sets naming organisations that have been subject to reprimands, complaints,…

Author(s): Giles Pratt, Rachael Annear, Adam Gillert

  • cyber security
  • data
  • data protection
  • gdpr
  • ico
  • mergers and acquisitions
  • tech media and telecoms

China: one step closer to understanding ‘important data’ and ‘core data’

The National Information Security Standardisation Technical Committee (TC260) released a draft guidance document in Q4, 2022 giving direction to government departments and sectoral regulators on…

Author(s): Richard Bird

  • asia-pacific
  • cyber security
  • data
  • data protection

China’s TC260 issues revised guidelines on cross-border processing of personal information certification

Following a consultation, the National Information Security Standardisation Technical Committee of China (colloquially known as ‘TC260') has issued version 2.0 of the Cybersecurity Standard Practice…

Author(s): Richard Bird

  • data
  • data protection
  • cyber security
  • asia-pacific

DORA: a cornerstone of the EU regulatory framework close to final

The EU Parliament recently adopted the Digital Operational Resilience Act (DORA) and the directive on digital operational resilience with a large majority. This vote paves the way for DORA to become…

Author(s): Alicia Hildner, Theresa Ehlen, Janina Heinz, Julia Utzerath

  • cyber security
  • europe
  • fintech
  • operationalresilience
  • regulation

Cybercrime: risks and key-issues to bear in mind when considering ransom payments

Introduction  In the last few months, reports of cyberattacks on companies in Europe and beyond have risen. These attacks can cause tremendous damage to affected businesses, especially when services…

Author(s): Ann-Malin Brune, Tibor Szigetvari, Lukas Pomaroli, Norbert Nolte, Daniel Travers, Christoph Werkmeister

  • cyber security
  • cryptocurrency
  • gdpr
  • data protection

Thinking of adopting a PET? ICO issues draft guidance on privacy enhancing technologies

The UK Information Commissioner’s Office (ICO) recently published draft guidance on privacy enhancing technologies (PETs). It forms the fifth chapter of a draft suite of guidance on anonymisation,…

Author(s): Adam Gillert

  • data protection
  • cyber security
  • data
  • gdpr
  • ai
  • internet of things
  • tech media and telecoms

Data privacy litigation: claiming non-material damages likely to become more difficult

Actions for non-material damages following (alleged) infringements of the General Data Protection Regulation (GDPR) have been on the rise in recent times. We represent various clients across the…

Author(s): Martin Mekat, Christoph Werkmeister, Robert Barton, Christoph Clausen, Dawid Ligocki

  • cyber security
  • data
  • data protection
  • gdpr

New UK government report highlights possible tensions in health data unlocking plans

“Only by securing people’s confidence and support can we do all of the ambitious, innovative, life-changing things with data that are part of the system’s future vision for how health and care will…

Author(s): Harriet Hanks, Emily Fowler, Andrew Austin

  • ai
  • data
  • life sciences
  • cyber security
  • data protection
Previous
Next
Read all blogs

Podcasts

Our cyber attacks, data breaches and litigation experience

Marriott

Advising Marriott, the US hotel chain, on the global coordination of its response to its Starwood database security incident.

International travel operator

Advising an international travel operator following the loss of customer and business data

International investment fund

Advising an investment fund on a cyber attack, including working with criminal, data protection and industry regulators in the UK and Germany.

View more experience

Meet the team

Announce carousel

Worldwide

Our regional experience

Europe

Americas

Asia-Pacific

Middle East

Africa

International language sites