We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.

CYBER INSURANCE 101
Cyber insurance offers companies a safety net from online hackers

Since digital technology is so new — and its capabilities so amazing — the vulnerability to attack at the corporate level may not be so evident. But, as technical experts and local insurance experts attest, the risk is all too real, making effective preparedness a necessity, not a luxury. Click to read entire article.

FEDERAL GOVERNMENT
US: Computer Breach Bigger Than First Thought; 700K Victims

The IRS said Friday that the number of taxpayers whose tax information may have been stolen by computer hackers now exceeds 700,000 — more than double the agency’s previous estimate. Click to read entire article.

HIGHER EDUCATION
Data breach affects 80,000 UC Berkeley faculty, students and alumni

A hacker broke into the University of California, Berkeley computer system holding financial data of 80,000 students, alumni, current and former employees, school officials said Friday. Click to read entire article.

—LAWSUIT ALERT—
Second lawsuit filed against UCF over data breach

A second lawsuit is being filed against the University of Central Florida for a massive data breach that surfaced at the beginning of the month. The lawsuit is the second to be filed after UCF announced that a hacker gained access to 63,000 Social Security numbers belonging to former and current students and workers. Click to read entire article.

JSU: Juvenile student arrested in data breach

Jacksonville State University officials Wednesday announced that a juvenile student had been arrested in connection with the release of personal data about JSU students, faculty and staff. Click to read entire article.

HEALTHCARE
California hospital admits paying $17,000 ransom to hacker

While it was not the first hacked organization to acquiesce to attackers’ demands, the California hospital that paid $17,000 in ransom to hackers to regain control of its computer system was unusual in one notable way: It went public with the news. Click to read entire article.

—PAPER RECORDS MATTER!—
Ohio patient records found in recycling bin

The bin on the north side of Springfield, about 50 miles west of Columbus, was filled with documents and films containing the names, Social Security numbers, medical information, dates of birth or other sensitive information on file for 113,000 people at Community Mercy Health Partners, which includes Springfield Regional Medical Center. Click to read entire article.

York Hospital reports data breach affecting its employees

York Hospital is reporting that hundreds of employees at its hospital and four campuses in York County have been victimized by cyber criminals. “Personal identifying information” related to names, addresses, Social Security numbers and wages were stolen, hospital spokeswoman Jody Merrill said Wednesday. Click to read entire article.

Healthcare Data Breach in CA Caused by Impersonation Scam
Recent healthcare data breaches include impersonation scams, stolen devices, and unauthorized database access.

Magnolia Health Corporation (MHC) has reported a potential data breach due to a likely scam that has affected all active MHC employees and its affiliated facilities. Click to read entire article.

FINANCIAL SERVICES
Coast Central Credit Union Website Hacked; Management ‘Confident’ Online Banking Was Not Compromised

A popular Internet security blog revealed last night that unknown hackers compromised Coast Central Credit Union’s website at the end of last year, installing a backdoor that gave them access to internal files and data on the site until yesterday. Click to read entire article.

PUBLIC ENTITY
SC Medicaid computer breach exposes data of 1 million

A four-decade-old computer system and poor safety measures at South Carolina’s Medicaid agency exposed the personal health information of roughly 1 million residents to risk of cybertheft, according to a federal report released Friday. Click to read entire article.

Missoula school student data breach included alumni records

Missoula County Public Schools says a data breach that affected more than 1,100 students also included private information on alumni and deceased students. Click to read entire article.

ENERGY/UTILITIES
Security breach reported by Kankakee Valley REMC

Kankakee Valley REMC recently fell victim to a possible cyber-security breach, a company official said in a news release, though the electric company does not yet know if customer account information was copied or taken. The breach was identified following a cyber-security audit conducted on the cooperative’s system in mid-January, when it was discovered that a foreign Internet Protocol address had accessed a storage device on the cooperative’s network, the press release said. Immediate action was taken and the accessed pathway was removed. The device accessed stored information of 17,700 Kankakee Valley REMC members. Click to read entire article.

INTERNET OF THINGS (IOT)
Nissan Leaf Security Hole Exposes Hacking Vulnerabilities of Connected Cars
Security experts find troubling vulnerability in the Nissan Leaf electric car

Security researchers Troy Hunt and Scott Helme discovered that remotely accessing a Leaf car only requires knowing a Vehicle Identification Number (VIN). That’s it—no other security methods are in place. Click to read entire article.

MOBILE DEVICE RISK
New Study Shows Mobile Devices The Cause Of Some Data Breaches

A single mobile device infected with malware can cost a victim organization an average of $9,485, according to a Ponemon Institute report. Click to read entire article.

SECURITY STUDIES
—THE BURNING QUESTION!—
Calif.’s Harris Outlines ‘Reasonable’ Data Security

California Attorney General Kamala Harris (D) has released the state’s data breach report, laying out the legal and ethical responsibilities of businesses to keep information safe and perhaps most importantly outlining what the state believes is “reasonable security” that companies must employ to avoid possible enforcement actions. Click to read entire article.

CANADA
—CLASS ACTION ALERT—
Class action launched against auto lender for data breach

Quebec law firm Lex Group Inc. announced Monday it has gained authorization to move forward with a data breach class action dealing with the loss of personal information of customers who in March 2008 leased a Chrysler, Dodge or Jeep vehicle from DaimlerChrysler Financial Services Canada Inc., now known as TD Auto Finance Services Inc. Click to read entire article.

Five Mounties sue RCMP in alleged medical privacy breach

A group of Mounties has filed a lawsuit against the RCMP, alleging their medical records were obtained by their employer and shared outside the organization without consent. Click to read entire article.

EUROPE
Students hit by University of Greenwich data breach

Personal details about hundreds of London-based research students were posted online in an apparent breach of data privacy laws. Click to read entire article.

Data breach ‘more dangerous than CEO departure’
CIOs call for firms to highlight data security capabilities in financial statements

A data breach is more damaging to an organisation than the departure of its chief executive, a profit warning or a product recall, according to a new survey of senior Irish IT leaders. The research shows that 67 per cent of respondents believe companies should highlight data security and management capabilities in financial statements as they would key figures such as revenue and net profit. Click to read entire article.

Child tracker outfit uKnowKids admits breach, kicks off row with security researcher

The developers of child-tracker app uKnowKids have responded to reports of a data breach, admitting an issue had also exposed its proprietary IP. Click to read entire article.

ASIA/PACIFIC
SAP security breaches are on the rise, so what’s being done about it?

Sponsored by Onapsis, this is the industry’s first research survey on SAP cybersecurity, and demonstrates that more than half of companies surveyed (56%) believe it is likely their company will have a data breach due to insecure SAP applications. This same group indicates their company’s SAP platform has been breached an average of two times in the past 24 months, yet 63% indicate C-level executives tend to underestimate the risks associated with insecure SAP applications. Click to read entire article.

Regards,
Mark Greisiger

NetDiligence®
Cyber Risk Assessment & Data Breach Services

Mark.Greisiger@NetDiligence.com
610.525.6383 (office)
www.NetDiligence.com