We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
Cloud hosting provider Linode reported a series of DDoS attacks affecting its Linode Manager and website, according to SecurityWeek. Infrastructure was also targeted, but in a few hours, the company’s IT teams had everything under control.
A Web.com customer hit the Internet service company with a proposed class action in California federal court Tuesday over a data breach discovered in August 2015 that affected almost 100,000 users.
A recent breach of customer accounts at luxury retailer Neiman Marcus is, once again, putting the spotlight on the vulnerabilities created by relying only on usernames and passwords for online authentication.
Judge Denies Neiman’s Motion to Dismiss Data Breach Class Action
US fast food chain Wendy’s is said to be investigating a possible major data-stealing malware campaign aimed at multiple stores. Spokesperson Bob Bertini told security researcher Brian Krebs that the restaurant group has hired a security firm to look into reports from “payment industry contacts” that it may be a victim of a serious data breach.
Wendy’s Sued Over ‘Lackadaisical’ Security In Wake Of Attack
The owners of some popular restaurants in the Chicago area have notified customers to monitor their credit and debit card accounts, after a data breach affecting more than 500 restaurants nationwide.
This lawsuit potentially challenges when a plaintiff has grounds to sue for monetary damages in a healthcare data breach. …According to BMC, the health information had only been “inadvertently made accessible to the public through an independent medical record transcription service’s online site,” and not accessed inappropriately.
Medicap Pharmacy is warning customers about a possible data breach. The company said in a notice that an external hard drive was “inadvertently” disposed of on Nov. 5, 2015.
NCH Healthcare Systems, which operates two hospitals in the Naples, Fla. area, notified employees and medical staff last week that two servers containing some personal information were accessed by unauthorized personnel.
St. Luke’s Cornwall Hospital is offering free identity-theft services in the wake of a possible data breach stemming from the theft of a thumb drive last October. The theft occurred Oct. 31 when someone entered a restricted area and stole a thumb drive appearing to contain “limited” information on some patients, according to a notice posted on St. Luke’s website.
Montana-based New West Health Services d/b/a New West Medicare recently reported a potential healthcare data breach following a laptop theft.
Beaufort Delta Health and Social Services has hired two investigators to look into a potential data breach of patients’ confidential health records by employees at the Inuvik Hospital.
An Oklahoma woman is suing her home state and eight of its district attorneys for allegedly disclosing her birthday and full Social Security number on publicly available court documents, a state law violation that puts her at risk of identity theft.
About 200 people in Clark and Champaign counties might have had their personal information exposed by a regional agency that several local communities use to collect income taxes.
Hackers breached Lawrence Public Schools’ online database, acquiring teachers’ personal information, possibly including their Social Security numbers, school officials said. In an email to teachers Friday evening, Superintendent/Receiver Jeff Riley said the data breach was the result of a “phishing attack directed at Lawrence Public Schools.”
Citrix, a US company providing SaaS software solutions, has acknowledged this week a data breach that occurred last October, but denied claims that the hacker got access to company or customer data during the incident.
A number of Dell customers claim to have been contacted by scammers who had access to specific customer information that should have only been available to Dell. The company says it hasn’t been hacked but won’t offer an explanation for the seemingly stolen data.
Criminals may have stolen personal and tax-return information from about 8,800 customers of TaxSlayer LLC, a provider of software to individuals who prepare their own tax returns, according to the company.
TaxAct announced that the tax return information of about 450 customers may have been stolen. The affected customers received a letter from the tax software company on January 11, informing them that their names and Social Security numbers may have been compromised.
HSBC is apologising to angry customers after its online banking service crashed after coming under cyber attack.
The biggest bank in Canada says it accidentally mailed hundreds of incorrect RRSP receipts to the wrong customers, exposing the names, addresses and social insurance numbers of those clients in the process.
The nation’s largest police union said on Thursday that it’s asked the FBI to investigate a computer breach that allowed hackers to steal hundreds of internal documents that have since been published online.
The University confirmed that, as a result of a phishing email scam, unauthorized individuals were able to access the human resources system, thus exposing the payroll records of approximately 1,400 employees, including W-2s for years 2013 and 2014, which include Social Security numbers. In addition, the direct-deposit banking information of 40 employees was accessed.
The University of Central Florida was hit with a proposed class action in Florida federal court on Friday alleging the university failed to adequately safeguard personal data when a recent hack exposed the confidential data of 63,000 current and former students and employees.
News of this latest vulnerability comes courtesy of Mark Stanislav at Boston-based security firm Rapid7, who released a security alert about the Fisher-Price Smart Toy as well as the hereO GPS platform today. Both companies have since fixed the issues, according to Rapid7. Nevertheless, the news is a stark reminder of just how prevalent security flaws can be in consumer products.
On January 7, Uber was fined $20,000 by the New York Attorney General’s office for failing to report a September 2014 data breach. In addition to the fine, Uber had to agree to make security changes.
Consumers accusing software maker Carrier IQ, along with Samsung and other cellphone manufacturers, of illegally collecting their data told a California federal judge on Friday that they’ve reached a $9 million deal covering 79 million people after settlement negotiations stalled last year.
Audio equipment maker Bose was hit with a proposed class action on Friday in California federal court over its alleged illegal practice of requesting and recording customers’ personal information during credit card transactions at its California retail stores.
A Michigan federal judge on Friday granted preliminary approval to a $7.5 million settlement to resolve a putative class action accusing magazine publisher Meredith Corp. of violating the state’s Video Rental Privacy Act by disclosing subscribers’ personal data.
Patagonia, Ace Hardware, Aeropostale, Bed Bath & Beyond and Estee Lauder are the most recent companies sued by blind plaintiffs, alleging that the retailers’ websites are not accessible to the blind as required by the Americans with Disabilities Act (ADA).
B.C.’s Education Ministry failed to properly provide adequate security surrounding the personal information of 3.4 million students and teachers, an investigation by the province’s privacy commissioner has found.
An Antigonish woman has filed a proposed class action against the Bank of Nova Scotia, alleging an employee illegally accessed her personal information and then distributed it to third parties. Linda Matthews Mont filed the action in Nova Scotia Supreme Court in September 2014, alleging that at some point before March 29, 2012, a bank employee accessed and disseminated her personal information, including her name, social insurance number, home address, date of birth, financial information, credit history and other data.
If HMRC gets hacked, and its users’ data gets compromised, it could face compensation claims of more than £13 billion, a new report by digital authentication provider, MIRACL, suggests. MIRACL asked 1,000 UK consumers about how much money they would ask as compensation if HMRC’s data gets breached, and the average amount was £1,316. Knowing that some ten million people are expected to complete their tax returns online by the end of this month, that puts the total amount to more than £13 billion, or exactly £13,160,000,000.
The European data centre company Interxion has notified customers of a data breach. According to the website of security speaker and commentator Graham Cluley, the company notified customers of a breach via e-mail, last weekend, that reportedly saw a hacker gain access to a customer relationship management (CRM) system. Cluley’s site said that a report had been run that accessed up to 23,000 contacts.
A 0-day security breach at Lincolnshire County Council has exposed locals’ medical records, addresses, and bank details, claimed an anonymous tipster, though the council denies any data was stolen.
A patient’s private medical details were posted to a stranger after a blunder by staff at Croydon’s NHS trust, the Information Commissioner has found. A temporary worker at Croydon Health Services sent “sensitive personal data” and “clinical information” to the wrong person after entering an incorrect address.
Fans of the band Faithless might be suffering from more than insomnia this morning after it was revealed that thousands of user details had been stolen from the band’s website.
Hackers broke into the servers of Bank Yerushalayim over the weekend, entering a customer database, where they accessed data on thousands of customers. The bank took the database offline after the breach was discovered, it reported in a notice sent to customers on Motzoei Shabbos.
Taobao.com is a Chinese buying-and-selling site, like eBay in the US. Taobao is owned by China’s online giant, Alibaba, and offers what’s known as C2C, or consumer-to-consumer, retail.
Cyber Risk Assessment & Data Breach Services