S‑RM’s 2026 Cyber Incident Insights Report offers one of the clearest indicators yet of how rapidly the global threat landscape is shifting. Drawing on more than 800 incidents handled throughout 2025, the report reveals a ransomware ecosystem that is expanding, fragmenting and becoming less predictable, while AI adoption(on both sides of the divide) introduces new
Continue Reading Key Takeaways from the S-RM Cyber Incident Insights Report 2026
On March 2, 2026, the U.S. Court of Appeals for the Ninth Circuit issued a significant decision, in Freeman v. 3Commas Technologies OÜ, reversing a district court’s dismissal of a class action against an Estonian software company for lack of personal jurisdiction.[1] The ruling provides valuable guidance on when foreign technology companies can
Continue Reading U.S.: Ninth Circuit Expands Personal Jurisdiction Over Foreign Tech Platforms in Data Breach Cases
Australian Clinical Labs (ACL) has been ordered to pay AUD5.8 million for breach of the Privacy Act 1988 (Cth) (Privacy Act) following a 2022 cyber incident which impacted the personal information of over 223,000 individuals. This is the first ever civil penalty proceeding under the Privacy Act.
ACL was held to
Continue Reading Australian Clinical Labs ordered to pay AUD5.8 million following cyber incident
Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our summary), the Personal Data Protection Commissioner of Malaysia (“Commissioner”) recently released guidelines that flesh out such requirements, titled the
Continue Reading Malaysia: Guidelines Issued on Data Breach Notification and Data Protection Officer Appointment
Since the full implementation of Thailand’s Personal Data Protection Act (PDPA) in June 2022, the Personal Data Protection Committee (PDPC) has been instrumental in shaping the nation’s data protection framework. Recently, the PDPC provided detailed clarifications on data breach notification requirements by responding to the public consultation, offering essential guidance for
Continue Reading Thailand: PDPC’s Clarification on Personal Data Breach NotificationAuthor: Sarah Birkett
Anyone with a passing interest in Australian privacy laws will no doubt have heard about the Optus data breach. The incident, which was made public in late September 2022, is thought to have affected around 9 million individuals (almost 40% of the Australian population), with identity documents relating to approximately 2.22 million
Continue Reading AUSTRALIA: Likely increase in maximum penalties for privacy breaches
Authors: Ross McKean, Henry Pelling
On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m for violations of the GDPR (the violations were pre-Brexit).
The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal
Continue Reading UK: ICO issue fine of £4.4m to Interserve for security failings
Authors: Zoltán Kozma, Mark Almasy
The case involved the personal data processing
