GRC Report Staff

DOJ Secures $4.7 Million Settlement With EyePoint Over Alleged Drug Kickbacks

A Massachusetts-based drugmaker, EyePoint Pharmaceuticals, has agreed to pay $4,657,463.18 to resolve allegations that it violated the False Claims Act by paying kickbacks to certain ambulatory surgery centers to encourage them to purchase and dispense DEXYCU, an injectable treatment approved for ocular inflammation following cataract surgery. The alleged conduct spans from Jan. 1, 2019, through March 1, 2023. Under separate agreements, EyePoint will also pay an additional $21,518.68 to certain participating states.

Thirty ESG Evaluation & Data Providers Back Japan FSA's ESG Code of Conduct

Thirty ESG evaluation and data providers had endorsed Japan's Code of Conduct for ESG Evaluation and Data Providers as of June 30, 2026, according to an updated list published by the country's Financial Services Agency (FSA).

Italian Competition Authority Fines Six Companies More Than €2.5 Million for Olympic Ambush Marketing

There are few assets as carefully protected as the right to call yourself an Olympic sponsor. Companies spend years negotiating for that privilege and millions securing it. Others, seeing the attention the Games inevitably command, sometimes try a less expensive route, such as standing close enough to borrow the glow without ever paying for the light. Italy's competition regulator has decided that six companies crossed that line.

Wind Tre Fined €1.7 Million After Data Breaches Exposed Information of More Than 365,000 Customers

Italy's data protection authority has fined telecommunications provider Wind Tre €1.7156 million after finding serious security deficiencies that enabled attackers to gain unauthorized access to company systems and exfiltrate the personal data of more than 365,000 customers. The decision follows an investigation by the Italian Data Protection Authority, known as the Garante per la Protezione dei Dati Personali, into two data breaches that the company reported in February 2025.

Australian Privacy Regulator Ends Qantas Data Breach Inquiry Without Opening Formal Investigation

When hackers gained access to the personal information of roughly 5 million Australians during the 2025 cyberattack on Qantas, the obvious question was whether the airline had failed in its legal duty to protect that data. After nearly a year of preliminary inquiries, Australia's privacy regulator has answered that question, at least for now.

Labcorp Agrees to Pay $14.5 Million to Resolve Medicare Billing Allegations Over Urine Drug Testing

Laboratory testing is supposed to answer a medical question. The Justice Department says one of Labcorp's testing panels answered another as well: how to bill Medicare. The laboratory diagnostics company has agreed to pay $14.5 million to resolve allegations that it submitted false claims to Medicare Part B for medically unnecessary urine drug testing performed through a panel marketed as ToxAssure Comprehensive.

Austrian High Court Upholds €13 Million GDPR Fine Over Political Profiling

Austria's highest administrative court has brought one of the country's most closely watched data protection cases to a close, confirming that the creation and commercial use of inferred political preferences for millions of people violated the General Data Protection Regulation and clarifying several principles that will shape how GDPR fines are assessed in the years ahead.