We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
Since digital technology is so new — and its capabilities so amazing — the vulnerability to attack at the corporate level may not be so evident. But, as technical experts and local insurance experts attest, the risk is all too real, making effective preparedness a necessity, not a luxury. Click to read entire article.
The IRS said Friday that the number of taxpayers whose tax information may have been stolen by computer hackers now exceeds 700,000 — more than double the agency’s previous estimate. Click to read entire article.
A hacker broke into the University of California, Berkeley computer system holding financial data of 80,000 students, alumni, current and former employees, school officials said Friday. Click to read entire article.
A second lawsuit is being filed against the University of Central Florida for a massive data breach that surfaced at the beginning of the month. The lawsuit is the second to be filed after UCF announced that a hacker gained access to 63,000 Social Security numbers belonging to former and current students and workers. Click to read entire article.
Jacksonville State University officials Wednesday announced that a juvenile student had been arrested in connection with the release of personal data about JSU students, faculty and staff. Click to read entire article.
While it was not the first hacked organization to acquiesce to attackers’ demands, the California hospital that paid $17,000 in ransom to hackers to regain control of its computer system was unusual in one notable way: It went public with the news. Click to read entire article.
The bin on the north side of Springfield, about 50 miles west of Columbus, was filled with documents and films containing the names, Social Security numbers, medical information, dates of birth or other sensitive information on file for 113,000 people at Community Mercy Health Partners, which includes Springfield Regional Medical Center. Click to read entire article.
York Hospital is reporting that hundreds of employees at its hospital and four campuses in York County have been victimized by cyber criminals. “Personal identifying information” related to names, addresses, Social Security numbers and wages were stolen, hospital spokeswoman Jody Merrill said Wednesday. Click to read entire article.
Magnolia Health Corporation (MHC) has reported a potential data breach due to a likely scam that has affected all active MHC employees and its affiliated facilities. Click to read entire article.
A popular Internet security blog revealed last night that unknown hackers compromised Coast Central Credit Union’s website at the end of last year, installing a backdoor that gave them access to internal files and data on the site until yesterday. Click to read entire article.
A four-decade-old computer system and poor safety measures at South Carolina’s Medicaid agency exposed the personal health information of roughly 1 million residents to risk of cybertheft, according to a federal report released Friday. Click to read entire article.
Missoula County Public Schools says a data breach that affected more than 1,100 students also included private information on alumni and deceased students. Click to read entire article.
Kankakee Valley REMC recently fell victim to a possible cyber-security breach, a company official said in a news release, though the electric company does not yet know if customer account information was copied or taken. The breach was identified following a cyber-security audit conducted on the cooperative’s system in mid-January, when it was discovered that a foreign Internet Protocol address had accessed a storage device on the cooperative’s network, the press release said. Immediate action was taken and the accessed pathway was removed. The device accessed stored information of 17,700 Kankakee Valley REMC members. Click to read entire article.
Security researchers Troy Hunt and Scott Helme discovered that remotely accessing a Leaf car only requires knowing a Vehicle Identification Number (VIN). That’s it—no other security methods are in place. Click to read entire article.
A single mobile device infected with malware can cost a victim organization an average of $9,485, according to a Ponemon Institute report. Click to read entire article.
California Attorney General Kamala Harris (D) has released the state’s data breach report, laying out the legal and ethical responsibilities of businesses to keep information safe and perhaps most importantly outlining what the state believes is “reasonable security” that companies must employ to avoid possible enforcement actions. Click to read entire article.
Quebec law firm Lex Group Inc. announced Monday it has gained authorization to move forward with a data breach class action dealing with the loss of personal information of customers who in March 2008 leased a Chrysler, Dodge or Jeep vehicle from DaimlerChrysler Financial Services Canada Inc., now known as TD Auto Finance Services Inc. Click to read entire article.
A group of Mounties has filed a lawsuit against the RCMP, alleging their medical records were obtained by their employer and shared outside the organization without consent. Click to read entire article.
Personal details about hundreds of London-based research students were posted online in an apparent breach of data privacy laws. Click to read entire article.
A data breach is more damaging to an organisation than the departure of its chief executive, a profit warning or a product recall, according to a new survey of senior Irish IT leaders. The research shows that 67 per cent of respondents believe companies should highlight data security and management capabilities in financial statements as they would key figures such as revenue and net profit. Click to read entire article.
The developers of child-tracker app uKnowKids have responded to reports of a data breach, admitting an issue had also exposed its proprietary IP. Click to read entire article.
Sponsored by Onapsis, this is the industry’s first research survey on SAP cybersecurity, and demonstrates that more than half of companies surveyed (56%) believe it is likely their company will have a data breach due to insecure SAP applications. This same group indicates their company’s SAP platform has been breached an average of two times in the past 24 months, yet 63% indicate C-level executives tend to underestimate the risks associated with insecure SAP applications. Click to read entire article.
Cyber Risk Assessment & Data Breach Services