US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

New research by cybersecurity firm Panaseer has found that US companies paid out a total of $155m in class action lawsuits related to data breaches over the last six months.
In an examination of all data breach class action filings from ClassActions.org and settlements from Top Class Actions between August 2024 and February 2025, the company found that 43 lawsuits were filed, and 73 settlements were reached.
Settlements averaged around $3m, with the largest reaching $21m. Individual payouts to affected employees or customers ranged from $150 to $12,000.
Inadequate security measures led to 50% of the filings and 97% of settlements reached.
Meanwhile, failure to encrypt data (40% of filings, 1% of settlements) and delayed breach notifications (10% of filings, 3% of settlements) were also cited as reasons for suits.
“While people – and the courts – can be understanding when a company falls victim to an attack, they’re far less forgiving when it looks like the organization failed in its duty of care around data,” commented Jonathan Gill, CEO at Panaseer.
“But most breaches don’t happen because companies willfully ignore security. Instead, they will set a target risk position, then over time slide back and take on more exposure than intended because well-intentioned people don’t have information they can trust, presented in a language they understand, to do the important work. It’s a process problem, not a people problem.”
The company recommended that organizations recognize that the best defense against legal action is being able to demonstrate – and prove – due diligence around cybersecurity. This starts with having a clear, accurate picture of data, assets and the security controls in place to protect them.
Panaseer also identified that within the US, those states with stricter privacy laws saw the most class action activity – this included California (13.2%), Florida (11.5%), Illinois (7.1%) and New Jersey (6.2%).
In terms of sector breakdown, healthcare (32.7%), finance (13.2%) and retail (5.3%) were hit the hardest – facing the most lawsuits and the highest fines.