Happy New Year! We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
Deutsche Bank AG’s Japanese brokerage unit faces regulatory penalties for the second time in two years after the nation’s securities watchdog found that the firm improperly shared information about a company’s earnings with clients. The Securities and Exchange Surveillance Commission recommended that the Financial Services Agency take administrative action against Deutsche Securities Inc., the SESC said in a statement on Tuesday, without specifying the type of penalties sought. The firm’s governance and compliance processes are weak, the commission said. Click to read entire article.
A hacker has published the account statements of hundreds of United Arab Emirates (UAE) bank customers after his $3 million ransom demand went unfulfilled. The stolen data was said at the time to total 900GB in size and to include the names, credit card information, and financial details of Invest Bank customers. The hacker stated that he would remain silent about the hack if he were to receive approximately $3 million USD worth of Bitcoin from Invest Bank. Click to read entire article.
Authorities continue to investigate a security breach at the Quincy Credit Union, a breach that gave hackers access to hundreds of accounts. Click to read entire article.
This Christmas, Steam users got an unexpected surprise Now, Valve is giving new details on how that data leak happened and exactly how much information was revealed. According to an announcement today, the problem stemmed from a denial-of-service attack executed on Christmas morning, increasing traffic to 21 times normal volume. Click to read entire article.
Attorney Advertising. On December 31, 2015, Keller Rohrback L.L.P. filed a class action lawsuit against VTech Electronics North American L.L.C. alleging the digital toymaker exposed the data of more than ten million parents, legal guardians, and minor children. Click to read entire article.
Hyatt Hotels Corp. the Chicago-based American hotel company that operates globally said it recently discovered malicious software on its computer system which processes the payment from customers. Sources revealed that Hyatt hired expert FireEye Inc.to help the hotel to investigate the attack. Click to read entire article.
The breach occurred in 2013 at a dam in New York state and raises concerns over the security of computer systems that govern America’s infrastructure. Click to read entire article.
The National Nuclear Security Administration has confirmed a federal data breach affected some employees at Pantex Plant, potentially leaking background investigation details, fingerprints, mental health and financial history information. Click to read entire article.
SanrioTown.com, a popular online community for the iconic brand Hello Kitty, was recently discovered to have leaked the private information of its users. The breach includes personal details, such as full names, dates of birth, email addresses and even the answers to users’ security questions and forgotten passwords. Click to read entire article.
Target Corp has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer’s late 2013 data breach. The settlement filed on Wednesday resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards. …Earlier this year, Target agreed to
over the breach and reached a
with shoppers. The latter accord won court approval last month. Last week, Target said it had spent $290 million related to the breach, and expected insurers to reimburse $90 million. It still faces shareholder lawsuits, as well as probes by the Federal Trade Commission and state attorneys general, over the breach. Click to read entire article.
Just after a massive security breach hit Safeway—and credit-card skimmers subsequently drained customers’ bank accounts—an even larger-scale credit card breach has hit Landry’s Inc., the parent company to well-known chains like Morton’s Steakhouse and Rainforest Cafe. Click to read entire article.
Federal authorities have discovered a “backdoor” computer hack in Juniper Networks, which controls the connections used by many businesses and government agencies. This potential vulnerability was discovered in software that the government uses called ScreenOS from Juniper Networks, which enables a virtual private network, or VPN, according to a CBS News report. Click to read entire article.
A Pasadena child welfare agency has warned of a computer security breach that may have exposed the personal information of nearly 1,000 clients and staff members. Click to read entire article.
A number of Optus customers had their personal information revealed in a spreadsheet posted by debt collector firm ARC on Freelancer.com.
Telecommunications provider Optus has confirmed reports by publication Crikey that personal customer data was breached when an employee of ARC Mercantile posted a spreadsheet of customers owing money to Optus on Freelancer.com in November. Click to read entire article.
Pub Chain JD Wetherspoon has revealed that the personal details of over 650,000 customers have been stolen after its database was hacked between 15 and 17 June. Click to read entire article.
On New Year’s Eve, BBC site was attacked by hackers and was made unavailable for few hours after which a BBC source described the hit as a ‘distributed denial of service’ attack. Click to read entire article.
Facebook users in the UK could be in danger of identity theft this Christmas because they show their full name and email address on their profile, new research claims. Click to read entire article.
A health clinic that mistakenly revealed the identity of HIV-positive patients in a group email has been fined £250 by the UK’s data watchdog. Click to read entire article.
…According to the survey, “employee error” turns out to be the most common reason for a data breach. An example of the kind of employee error mentioned in the survey – “accidently sending an email with sensitive information to someone outside the company” – is something just about all of us have heard about or experienced in our own organizations. Click to read entire article.
Cyber Risk Assessment & Data Breach Services