nd_swag

May was a busy data breach/cyber risk month! See below for a sampling of recent media stories involving cyber risk and privacy liability.

Items include phishing, data loss, cybertheft, third-party vendors, lawsuits and a legislative update (Tennessee).

Also, today we announced a new service offering called Breach Plan Connect™ – check out our press release for more details!

Finally, we hope to see you at our Cyber Liability Conference in Philly June 7-8 (nearly sold out!) – 90 speakers over 2 days!

Note this future cyber expert sporting some NetDiligence swag from last year’s conference!

SOCIAL MEDIA
—I WAS AFFECTED, UGH—
LinkedIn Urges Users To Change Passwords: Hacker Puts 117 Million Accounts Up For Sale

LinkedIn is encouraging users to change their passwords as it confirmed on May 18 that a hacker has put 117 million accounts up for sale on the dark web. Click to read entire article.

VENDOR MISHAPS
—EVEN AT GOOGLE—
Benefits vendor’s flub leads to data breach at Google

This week, Google started notifying affected employees of a data breach that occurred when a third-party benefits vendor mistakenly sent an email file with employee information to an unintended source. Click to read entire article.

RETAIL
—CLASS ACTION UPDATE—
Judge Allows Data Breach Suits Against Home Depot to Go Forward

A federal judge in Atlanta says multiple suits against The Home Depot associated with a massive breach that compromised financial data of about 56 million customers can move ahead to a possible trial. U.S. District Chief Judge Thomas Thrash Jr. issued the ruling Wednesday, saying he had declined the Atlanta-based home improvement chain’s “invitation to hold that it had no legal duty to safeguard information even though it had warnings that its data security was inadequate.” Click to read entire article.

Noodles & Company indirectly warns customers of credit card breach

The Broomfield-based chain of fast-casual restaurants has notified financial agencies, which in turn are sharing the news with customers. “We have received information from Visa that during a recent security review, your Visa card number was identified as possibly being compromised at Noodles & Company locations and is at risk for unauthorized charges…” Click to read entire article.

Georgia AG Olens warns residents after O’Charley’s data breach

Georgia residents are being warned to check their bank accounts after a data breach at a popular eatery. Georgia Attorney General Sam Olens urged consumers to monitor their accounts after the reportered breach at O’Charley’s restaurants. Click to read entire article.

FINANCIAL SERVICES
—SETTLEMENT ALERT—
NAFCU statement in response to final judgment creating $59 million tab in Target settlement with financial institutions

National Association of Federal Credit Unions (NAFCU) Executive Vice President of Government Affairs and General Counsel Carrie Hunt issued the following statement in response to final judgment from Target Corp. with financial institutions based on the retailer’s massive data breach in 2013. Combined with the attorneys’ fees, the settlement creates approximately $59 million in overall monetary class benefits. Click to read entire article.

—SETTLEMENT ALERT—
Kmart, Banks Reach Deal In Data Breach Suit

Kmart Corp. has settled a proposed class action in which financial institutions accused it of using outdated security measures when hackers breached its networks in 2014, according to a Thursday filing in Illinois federal court. Kmart and the financial institutions — led by Greater Chautauqua Federal Credit Union — told U.S. District Judge John Z. Lee in a hearing that they had reached a deal, according to a brief minute entry. The banks sought to recover damages caused by Kmart’s alleged negligence and violations of the Illinois Personal Information Protection and Consumer Fraud acts and New York state general business law, according to court documents. Click to read entire article.

FDIC, Wendy’s Delay Breach Notifications

Recent disclosures by the FDIC and Wendy’s following breach incidents underscore the protracted nature of detection and post-breach notifications. States in the U.S. and the European Union hope to shorten that timeline. Click to read entire article.

HEALTHCARE
Hackers Access EHR Data in Potential Healthcare Data Breach

A medical group in Texas is facing a potential healthcare data breach that may have exposed patient and employee information after a hacking incident. Approximately 50,000 individuals were affected by the healthcare data security event at the Medical Colleagues of Texas, LLP, reported the Houston Chronicle on its website. Click to read entire article.

Children’s National Health System hit by another data breach

Children’s National Health System has notified more than 4,000 patients of a data breach after a former vendor inadvertently shared patient health information on the Internet. Click to read entire article.

Plaintiffs Allege Data Breach by Boston Medical Center, Lawsuit to Go Ahead

The problem, according to the state, involved the “unauthorized disclosure of some of your child’s Protected Health Information (PHI).” Click to read entire article.

Data breach reported at Katy physicians group

Hackers breached the computer network of a doctors’ group in Katy, potentially accessing upward of 50,000 medical records and personnel files, a lawyer for the practice said Wednesday. Click to read entire article.

Bay Area Children’s Association patient data breached

On May 5, the Bay Area Children’s Association reported to the California Attorney General that an attacker compromised patient information after planting malware on the systems of its electronic medical record provider. Click to read entire article.

Study: Data breaches cost healthcare industry $6.2B – 4 points

1. In the last two years, nearly 90 percent of healthcare organizations encountered at least one data breach.
2. An average data breach costs nearly $2.2 million per hack.
Click to read entire article.

PUBLIC ENTITY
Poway School District: Parents demand answers after data breach

Outraged parents demanded answers Wednesday from the Poway Unified School District after a massive data breach released personal information of more than 36,000 students. Click to read entire article.

San Juan County DWI program patient data compromised

San Juan County in New Mexico reported that the information of patients in the county’s DWI treatment program may have been compromised after an attacker gained remote access to one of its computers. Click to read entire article.

HIGHER EDUCATION
—LAWSUIT ALERT—
Rockhurst University is sued over data breach in phishing scam

A Rockhurst University spokesman said Monday that the university would not comment on the pending lawsuit, which says it was reckless and willful in exposing personal identification data in W-2 forms to phishing scammers last month. Click to read entire article.

PROFESSIONAL SPORTS – NBA
Bucks Players’ Financial Documents Reportedly Compromised in Security Breach

The Milwaukee Bucks reportedly had a security breach in which sensitive information was released, including financial compensation, Social Security numbers and home addresses. Click to read entire article.

CYBER LIABILITY INSURANCE
Businesses and their insurers face threat from ransomware

Increasingly, companies and organizations are experiencing cyber attacks that involve extortion plots. Click to read entire article.

CYBER BREACH LEGAL UPDATES
Seventh Circuit Sets Relatively Low Threshold to Establish Standing in Data Breach Class Actions

With the proliferation of storage of personal data and the increase in hacking efforts and phishing scams, Wisconsin courts are likely to see more data breach class actions on the horizon. Wisconsin businesses handling personal data should be aware of the reasoning of the recent Seventh Circuit decision Lewert v. P.F. Chang’s China Bistro, Inc., No. 14-3700, 2016 WL 1459226 (7th Cir. Apr. 14, 2016), as well as applicable Wisconsin cybersecurity statutes. Click to read entire article.

—JEN COUGHLIN SPEAKS!—
Inside Tennessee’s Revolutionary Data Breach Notice Law

Tennessee recently amended its data breach notice law (in particular, its definition of the term “breach of security of the system”), effective July 1, 2016. This amendment is a potential game-changer. While the law affords protection to personal information in computerized form, there will no longer be a safe harbor for this kind of information when encrypted. Click to read entire article.

UK/EUROPE
794,000 Kiddicare customer details stolen in data breach

Parenting retailer Kiddicare has revealed up to 794,000 of its customers have been the subject of a data breach after a testing website was hacked. The company was made aware of the breach after customers reported suspicious text messages sent to them that did not appear to be from Kiddicare.. Click to read entire article.

SOUTH AMERICA
—LAWSUIT ALERT—
Lawsuit exposes $9M cybertheft through banking software

Cybercriminals stole $9 million from a bank in Ecuador last year by exploiting the same international messaging service that was compromised in the $81 million hack of Bangladesh’s central bank, an obscure lawsuit has revealed. Click to read entire article.

ASIA/PACIFIC
Security firm outs Cabcharge data breach

Taxi payments company Cabcharge is reissuing nearly 3500 payment cards after security researchers uncovered an unsecured database of the firm’s transaction details online. Click to read entire article.

MIDDLE EAST
Hackers target banks in the Middle East

Researchers at the US cybersecurity company FireEye have discovered that hackers have begun to probe the defences of banks in the Middle East by targeting bank employees with malware-infected emails to collect information about bank networks and user accounts. Click to read entire article.
RELATED: Six More Banks Supposedly Hacked by Turkish Hackers Click to read entire article.

Regards,
Mark Greisiger
NetDiligence®
Cyber Risk Assessment & Data Breach Services