May was a busy data breach/cyber risk month! See below for a sampling of recent media stories involving cyber risk and privacy liability.
Items include phishing, data loss, cybertheft, third-party vendors, lawsuits and a legislative update (Tennessee).
Also, today we announced a new service offering called Breach Plan Connect™ – check out our press release for more details!
Finally, we hope to see you at our Cyber Liability Conference in Philly June 7-8 (nearly sold out!) – 90 speakers over 2 days!
Note this future cyber expert sporting some NetDiligence swag from last year’s conference!
LinkedIn is encouraging users to change their passwords as it confirmed on May 18 that a hacker has put 117 million accounts up for sale on the dark web. Click to read entire article.
This week, Google started notifying affected employees of a data breach that occurred when a third-party benefits vendor mistakenly sent an email file with employee information to an unintended source. Click to read entire article.
A federal judge in Atlanta says multiple suits against The Home Depot associated with a massive breach that compromised financial data of about 56 million customers can move ahead to a possible trial. U.S. District Chief Judge Thomas Thrash Jr. issued the ruling Wednesday, saying he had declined the Atlanta-based home improvement chain’s “invitation to hold that it had no legal duty to safeguard information even though it had warnings that its data security was inadequate.” Click to read entire article.
The Broomfield-based chain of fast-casual restaurants has notified financial agencies, which in turn are sharing the news with customers. “We have received information from Visa that during a recent security review, your Visa card number was identified as possibly being compromised at Noodles & Company locations and is at risk for unauthorized charges…” Click to read entire article.
Georgia residents are being warned to check their bank accounts after a data breach at a popular eatery. Georgia Attorney General Sam Olens urged consumers to monitor their accounts after the reportered breach at O’Charley’s restaurants. Click to read entire article.
National Association of Federal Credit Unions (NAFCU) Executive Vice President of Government Affairs and General Counsel Carrie Hunt issued the following statement in response to final judgment from Target Corp. with financial institutions based on the retailer’s massive data breach in 2013. Combined with the attorneys’ fees, the settlement creates approximately $59 million in overall monetary class benefits. Click to read entire article.
Kmart Corp. has settled a proposed class action in which financial institutions accused it of using outdated security measures when hackers breached its networks in 2014, according to a Thursday filing in Illinois federal court. Kmart and the financial institutions — led by Greater Chautauqua Federal Credit Union — told U.S. District Judge John Z. Lee in a hearing that they had reached a deal, according to a brief minute entry. The banks sought to recover damages caused by Kmart’s alleged negligence and violations of the Illinois Personal Information Protection and Consumer Fraud acts and New York state general business law, according to court documents. Click to read entire article.
Recent disclosures by the FDIC and Wendy’s following breach incidents underscore the protracted nature of detection and post-breach notifications. States in the U.S. and the European Union hope to shorten that timeline. Click to read entire article.
A medical group in Texas is facing a potential healthcare data breach that may have exposed patient and employee information after a hacking incident. Approximately 50,000 individuals were affected by the healthcare data security event at the Medical Colleagues of Texas, LLP, reported the Houston Chronicle on its website. Click to read entire article.
Children’s National Health System has notified more than 4,000 patients of a data breach after a former vendor inadvertently shared patient health information on the Internet. Click to read entire article.
The problem, according to the state, involved the “unauthorized disclosure of some of your child’s Protected Health Information (PHI).” Click to read entire article.
Hackers breached the computer network of a doctors’ group in Katy, potentially accessing upward of 50,000 medical records and personnel files, a lawyer for the practice said Wednesday. Click to read entire article.
On May 5, the Bay Area Children’s Association reported to the California Attorney General that an attacker compromised patient information after planting malware on the systems of its electronic medical record provider. Click to read entire article.
1. In the last two years, nearly 90 percent of healthcare organizations encountered at least one data breach.
2. An average data breach costs nearly $2.2 million per hack.
Click to read entire article.
Outraged parents demanded answers Wednesday from the Poway Unified School District after a massive data breach released personal information of more than 36,000 students. Click to read entire article.
San Juan County in New Mexico reported that the information of patients in the county’s DWI treatment program may have been compromised after an attacker gained remote access to one of its computers. Click to read entire article.
A Rockhurst University spokesman said Monday that the university would not comment on the pending lawsuit, which says it was reckless and willful in exposing personal identification data in W-2 forms to phishing scammers last month. Click to read entire article.
The Milwaukee Bucks reportedly had a security breach in which sensitive information was released, including financial compensation, Social Security numbers and home addresses. Click to read entire article.
Increasingly, companies and organizations are experiencing cyber attacks that involve extortion plots. Click to read entire article.
With the proliferation of storage of personal data and the increase in hacking efforts and phishing scams, Wisconsin courts are likely to see more data breach class actions on the horizon. Wisconsin businesses handling personal data should be aware of the reasoning of the recent Seventh Circuit decision Lewert v. P.F. Chang’s China Bistro, Inc., No. 14-3700, 2016 WL 1459226 (7th Cir. Apr. 14, 2016), as well as applicable Wisconsin cybersecurity statutes. Click to read entire article.
Tennessee recently amended its data breach notice law (in particular, its definition of the term “breach of security of the system”), effective July 1, 2016. This amendment is a potential game-changer. While the law affords protection to personal information in computerized form, there will no longer be a safe harbor for this kind of information when encrypted. Click to read entire article.
Parenting retailer Kiddicare has revealed up to 794,000 of its customers have been the subject of a data breach after a testing website was hacked. The company was made aware of the breach after customers reported suspicious text messages sent to them that did not appear to be from Kiddicare.. Click to read entire article.
Cybercriminals stole $9 million from a bank in Ecuador last year by exploiting the same international messaging service that was compromised in the $81 million hack of Bangladesh’s central bank, an obscure lawsuit has revealed. Click to read entire article.
Taxi payments company Cabcharge is reissuing nearly 3500 payment cards after security researchers uncovered an unsecured database of the firm’s transaction details online. Click to read entire article.
Researchers at the US cybersecurity company FireEye have discovered that hackers have begun to probe the defences of banks in the Middle East by targeting bank employees with malware-infected emails to collect information about bank networks and user accounts. Click to read entire article.
RELATED: Six More Banks Supposedly Hacked by Turkish Hackers Click to read entire article.
Cyber Risk Assessment & Data Breach Services