With federal agencies deemphasizing rulemaking and enforcement, “states are advancing more prescriptive cybersecurity standards for financial institutions, including many that align with the approach and standards set by the New York Department of Financial Services (NYDFS),” the Cooley law firm blogged Wednesday.

Security company Palo Alto Networks announced Wednesday an agreement to buy Israeli identity security provider CyberArk for $25 billion in cash and stock. Palo Alto Chairman and CEO Nikesh Arora said on CNBC’s Squawk on the Street that the deal will strengthen his company's ability to prevent AI-based identity theft, noting that about 88% of ransomware attacks are driven by credential theft, and “identity is an unsolved problem.” Palo Alto viewed CyberArk as the “strongest player” in the space, he said.

A women-only app intended to enhance safety for online dating users has disabled its direct messaging (DM) feature after learning that some messages were accessed during a data breach that occurred July 25 (see 2507280017). Earlier this month, the Tea app suffered a breach that leaked 72,000 images, including 13,000 selfies with identifying information.

Companies will need to navigate stricter security requirements in response to the Trump administration’s AI Action Plan, attorneys at Davis Wright Tremaine said Monday (see 2507230058).

Brigham Young University (BYU) suffered a data breach in late April that may have exposed the personal data of students and faculty, but waited three months before informing them, a law firm investigating the incident on behalf of potential victims said Friday. Schubert Jonckheer said the school started informing its community "on or around July 23, 2025, which may have violated state and federal laws." Maine and Vermont attorneys general also reported the breach on July 23.

A women-only app intended to enhance safety for online dating users suffered a breach this month that leaked 72,000 images, including 13,000 selfies with identifying information, a law firm investigating the breach said Friday. Edelson Lechtzin is investigating the breach of the Tea app for a potential class-action on behalf of victims.

Philadelphia Indemnity Insurance suffered a cyberattack in June that potentially left customer data exposed, the company said in a notification letter the California AG office reported Tuesday. Texas and New Hampshire also reported the incident.

A Massachusetts-based health care provider discovered a data breach late in November 2022 and "promptly" reported it to federal authorities and state regulators, it said; however, it only began alerting affected customers this month, a law firm investigating the incident on behalf of potential victims said Tuesday.

House of Dior suffered a data breach in January that may have exposed the personal information of customers, a law firm investigating the incident on behalf of potential victims said Tuesday. Schubert Jonckheer noted Dior "did not begin notifying affected individuals until on or around July 18, 2025, which may have violated state and federal laws." The French luxury fashion firm didn't identify the breach until May 7, Schubert Jonckheer noted.

U.S. Department of Agriculture (USDA) attempts to collect personal data of millions of Supplemental Nutrition Assistance Program (SNAP) recipients from the states are unnecessary, inefficient, and unlawful, said a Friday comment letter from a coalition of states, led by the California attorney general. The USDA, which suspended its data demand after a lawsuit from the Electronic Privacy Information Center (EPIC) and others, published a System of Records Notice (SORN) on June 23 in an attempt to resolve legal issues and resume the data collection (see 2507180027).