Happy New Year! We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.

FINANCIAL SERVICES
—SEC CASE TO WATCH—
Deutsche Bank Japan Unit Faces Penalty for Information Leak

Deutsche Bank AG’s Japanese brokerage unit faces regulatory penalties for the second time in two years after the nation’s securities watchdog found that the firm improperly shared information about a company’s earnings with clients. The Securities and Exchange Surveillance Commission recommended that the Financial Services Agency take administrative action against Deutsche Securities Inc., the SESC said in a statement on Tuesday, without specifying the type of penalties sought. The firm’s governance and compliance processes are weak, the commission said. Click to read entire article.

Bank refuses to pay $3,000,000 ransom, hacker exposes customer account details

A hacker has published the account statements of hundreds of United Arab Emirates (UAE) bank customers after his $3 million ransom demand went unfulfilled. The stolen data was said at the time to total 900GB in size and to include the names, credit card information, and financial details of Invest Bank customers. The hacker stated that he would remain silent about the hack if he were to receive approximately $3 million USD worth of Bitcoin from Invest Bank. Click to read entire article.

Security Breach At Quincy Credit Union Investigated

Authorities continue to investigate a security breach at the Quincy Credit Union, a breach that gave hackers access to hundreds of accounts. Click to read entire article.

ONLINE GAMING
Valve apologizes for Christmas breach, citing denial-of-service attack

This Christmas, Steam users got an unexpected surprise. Now, Valve is giving new details on how that data leak happened and exactly how much information was revealed. According to an announcement today, the problem stemmed from a denial-of-service attack executed on Christmas morning, increasing traffic to 21 times normal volume. Click to read entire article.

TOY MANUFACTURER
—CLASS ACTION ALERT—
Keller Rohrback L.L.P. Files Class Action Lawsuit on Behalf of VTech Electronics North America L.L.C. Customers

Attorney Advertising. On December 31, 2015, Keller Rohrback L.L.P. filed a class action lawsuit against VTech Electronics North America L.L.C. alleging the digital toymaker exposed the data of more than ten million parents, legal guardians, and minor children. Click to read entire article.

HOSPITALITY
Hyatt Hotels warns of possible data breach

Hyatt Hotels Corp., the Chicago-based American hotel company that operates globally, said it recently discovered malicious software on the computer system that processes customer payments. Sources revealed that Hyatt hired expert FireEye Inc. to help the hotel investigate the attack. Click to read entire article.

NATIONAL INFRASTRUCTURE
Iranian hackers infiltrated computers of small US dam, says report

The breach occurred in 2013 at a dam in New York state and raises concerns over the security of computer systems that govern America’s infrastructure. Click to read entire article.

Data breach reaches Pantex workers

The National Nuclear Security Administration has confirmed a federal data breach affected some employees at Pantex Plant, potentially leaking background investigation details, fingerprints, mental health and financial history information. Click to read entire article.

SOCIAL MEDIA
Hello Kitty data breach exposes 3.3M

SanrioTown.com, a popular online community for the iconic brand Hello Kitty, was recently discovered to have leaked the private information of its users. The breach includes personal details, such as full names, dates of birth, email addresses and even the answers to users’ security questions and forgotten passwords. Click to read entire article.

RETAIL
—ONGOING MULTI-YEAR LEGAL ACTION—
Target in $39.4 million settlement with banks over data breach

Target Corp has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer’s late 2013 data breach. The settlement filed on Wednesday resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards. …Earlier this year, Target agreed to pay Visa Inc card issuers as much as $67 million over the breach and reached a $10 million settlement with shoppers. The latter accord won court approval last month. Last week, Target said it had spent $290 million related to the breach, and expected insurers to reimburse $90 million. It still faces shareholder lawsuits, as well as probes by the Federal Trade Commission and state attorneys general, over the breach. Click to read entire article.

500 Restaurants Nationwide Suffer Major Credit Card Breach

Just after a massive security breach hit Safeway—and credit-card skimmers subsequently drained customers’ bank accounts—an even larger-scale credit card breach has hit Landry’s Inc., the parent company to well-known chains like Morton’s Steakhouse and Rainforest Cafe. Click to read entire article.

PUBLIC ENTITY
Massive data breach exposes huge volume of government data

Federal authorities have discovered a “backdoor” computer hack in Juniper Networks, which controls the connections used by many businesses and government agencies. This potential vulnerability was discovered in software that the government uses called ScreenOS from Juniper Networks, which enables a virtual private network, or VPN, according to a CBS News report. Click to read entire article.

Hillsides, a Pasadena child welfare agency, warns of data breach

A Pasadena child welfare agency has warned of a computer security breach that may have exposed the personal information of nearly 1,000 clients and staff members. Click to read entire article.

TELECOMMUNICATIONS
Optus confirms data breach on Freelancer.com

A number of Optus customers had their personal information revealed in a spreadsheet posted by debt collector firm ARC on Freelancer.com.
Telecommunications provider Optus has confirmed reports by publication Crikey that personal customer data was breached when an employee of ARC Mercantile posted a spreadsheet of customers owing money to Optus on Freelancer.com in November. Click to read entire article.

EUROPE
JD Wetherspoon confirms a massive data breach for over 650,000 customers

Pub Chain JD Wetherspoon has revealed that the personal details of over 650,000 customers have been stolen after its database was hacked between 15 and 17 June. Click to read entire article.

New World Hacking Group behind the BBC’s Cyber-Attack

On New Year’s Eve, the BBC site was attacked by hackers and was made unavailable for a few hours, after which a BBC source described the hit as a ‘distributed denial of service’ attack. Click to read entire article.

Facebook users warned of identity theft risk

Facebook users in the UK could be in danger of identity theft this Christmas because they show their full name and email address on their profile, new research claims. Click to read entire article.

—THIS ‘FINE’ AMOUNT IS NOT A TYPO!—
HIV clinic fined £250 for data breach

A health clinic that mistakenly revealed the identity of HIV-positive patients in a group email has been fined £250 by the UK’s data watchdog. Click to read entire article.

CYBER RISK STUDIES
Leading Cause of Data Breaches – Employee Error, ACC Survey Concludes

…According to the survey, “employee error” turns out to be the most common reason for a data breach. An example of the kind of employee error mentioned in the survey – “accidentally sending an email with sensitive information to someone outside the company” – is something just about all of us have heard about or experienced in our own organizations. Click to read entire article.

Regards,
Mark Greisiger

NetDiligence®
Cyber Risk Assessment & Data Breach Services

Mark.Greisiger@NetDiligence.com
610.525.6383 (office)
www.NetDiligence.com