We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines.

CLOUD / AGGREGATION
VerticalScope experiences major data breach: 45 million records stolen

VerticalScope has experienced a major data breach, with cybercriminals making off with over 45 million records belonging to over 1,100 websites, it has been reported. LeakedSource, which provides detailed information on data breaches, said that some of the websites impacted by this include Techsupportforum.com, MobileCampsites.com, Pbnation.com and Motorcycle.com. Click to read entire article.

Hackers Leak 36 million+ MongoDB Accounts

A group of hackers going by the handle of TeamGhostShell has leaked more than 36 million accounts/records of internal data from several vulnerable networks in order to raise awareness about the poor security infrastructure implemented on MongoDB databases by their owners. Click to read entire article.

MOBILE DEVICES
10 million Android devices reportedly infected with Chinese malware

At least 10 million Android devices have been infected by malware called HummingBad, according to cybersecurity software maker Check Point. Click to read entire article.

FINANCIAL SERVICES
US Federal Reserve Breached 50+ Times in the Last 5 Years

The US Federal Reserve was breached 50+ times between 2011 and 2015, including several instances of espionage likely carried out by nation-state hackers. Click to read entire article.

Bamboozled: After Chicago retirement account breach, could NJ pensions be next?

City employees in Chicago had an unpleasant surprise earlier this month. Scammers got access to some retirement accounts and took fraudulent loans worth $2.6 million, reports said. Initial reports said it was a hack in which the bad guys used the personal information of employees to set up online profiles with the city’s deferred compensation plan. Click to read entire article.

HEALTHCARE
Update: Hacker puts 9.3M U.S. patient records up for sale

A hacker that claimed to have stolen databases from three U.S. healthcare organizations and has advertised more than 650,000 patient records as up for sale on Dark Net, increased that number today to a staggering 9.3 million. …the hacker is requesting an additional 750 Bitcoins, valued at nearly $500,000, for the fourth database with patient information including names, addresses, phone and social security numbers. Click to read entire article.

Calif. Cancer Network Sued For $57M Over Data Breach

A network of California cancer centers is facing a $57 million lawsuit from a putative class of patients alleging the health care provider is responsible for carelessly handling their private information after a data breach. Click to read entire article.

—THIRD PARTY CAUSED—
Massive data breach at local health care group

Dignity Health, which owns Mercy Medical, announced today that information from 520 patients was inappropriately accessed. The incident involved its business partner Navi-Health, which assists mercy with patient support after leaving the hospital. Click to read entire article.

12 latest healthcare data breaches
  • Univ New Mexico (2800)
  • ProMedica (3,472)
  • Stamford (Conn.) Podiatry Group (40,000)
  • Carondelet St. Mary’s and Carondelet St. Joseph’s emergency rooms (1000)
  • Southeast Eye Institute (87000)
  • A chiropractic clinic in Ann Arbor, Mich (4000)
  • KansasHeartHospital (ransomware attack)
  • California Correctional Health Care Services (loss laptop)
  • Greenway Health (1000)
  • UnityPoint Health – AllenHospital (1620)

Click to read entire article.

HOSPITALITY
Hard Rock Las Vegas Reports Card Data Breach

The Hard Rock Hotel & Casino in Las Vegas said Monday that customer payment—card data was accessed after malware was placed on the resort’s payment-card system, becoming the latest hotel to report such a breach. Click to read entire article.

Cowboys Casino warns personal information may have been leaked in data breach

Cowboys Casino is investigating a possible data breach after its computer system was the target of a cyber-attack.. Click to read entire article.

PUBLIC ENTITY
Data Breach Leads to Firing in Alabama Finance Department

Two senior employees with the State of Alabama Department of Finance have been disciplined by Governor Robert Bentley, with one being fired. Click to read entire article.

Minnesota courts cyberattack underscores growing threat

A recent cyberattack on the Minnesota Judicial Branch’s website underscored a growing threat that state officials warn will become more difficult to combat without additional resources. …Last week’s attack on the judicial website is known as a “distributed denial-of-service” (DDOS) attack, which overwhelms a website with network traffic, effectively blocking out legitimate users. It was the second such attack since late 2015, and similar to other attacks on government computers around the globe. Click to read entire article.

—VENDOR CAUSED—
Annapolis officials hear from people affected by parking garage data breach

Annapolis officials have received reports of people noticing fraudulent activity on their credit and debit cards after the city on Tuesday announced a potential data breach for people using those cards at city garages. Click to read entire article.

A black market is selling access to hacked government servers for $6

Want access to a government server? An online black market is selling access to thousands of hacked servers for as little as US$6. Click to read entire article.

RETAIL
—BREACH CREEP—
Wendy’s Data Breach Bigger Than Thought

The Wendy’s data breach may be much bigger than originally thought, according to reports. …That breach was thought to have affected 300 franchisee-owned Wendy’s restaurants in the United States and Canada (company-owned stores were not affected by the breach). But based on the number of fraud complaints linked to Wendy’s, experts say the breach could be much bigger than originally announced. In fact, some experts warn the breach could be bigger than the Home Depot or Target breaches, both of which affected more than 40 million people. Click to read entire article.

—CLASS ACTION ALERT—
Related to above: Wendy’s Hit By Class Action Lawsuit Over Massive Credit Card Breach

Veridian Credit Union recently filed a class action lawsuit against Wendy’s in response to a credit card breach that hit the fast food vendor’s point of sale (POS) systems starting in the fall of 2015, Law360 reports. Click to read entire article.

Also related: Financial institutions will continue litigation over data breaches, attorney says

A payment card issuer that’s suing Wendy’s for costs associated with a data breach that began in October argues that the fast food chain’s tardiness in transitioning to new payment technology makes it liable. Click to read entire article.

Acer Online Store Hacked; 34,000 Customers Data Stolen

If you are an Acer customer or ever attended one of their events and used your credit or debit cards for online shopping you have something to worry about as Acer has revealed that its servers were breached and as a result hackers got access to 34,000 customer data. Click to read entire article.

Home Depot Sues MasterCard, Visa Over Chip Card Security

Visa and MasterCard are using security measures prone to fraud, putting retailers and customers at risk of thieves, The Home Depot says in a new federal antitrust lawsuit. Click to read entire article.

HIGHER EDUCATION
Greenwich University target of revenge hack; results in huge data breach

Brief: Greenwich university has suffered a massive data breach in what looks like a revenge hack – The unknown hacker stole entire database and leaked it on the Dark Web! Click to read entire article.

TECHNOLOGY
uTorrent Forum Suffers Data Breach, 385,000 Credentials Database Stolen

The BitTorrent Client uTorrent, established by Ludvig Strigeus and later acquired by BitTorrent Inc., has issued a warning to its users regarding a security breach of their forum which allowed hackers to steal user information and password hashes of the site. Click to read entire article.

SOCIAL MEDIA
Hackers Steal 171M VK.com User Accounts

Social networking site VK.com is the latest victim in a string of targeted data breaches that have hit a host of other social media outlets such as LinkedIn, Tumblr and Myspace. Click to read entire article.

MySpace and Tumblr hit by a ‘Mega breach’

Social networks MySpace and Tumblr faced a major data breach. BBC recently reported that a total of 65,469,298 Tumblr accounts and over 360 million MySpace account details are offered for sale online. Click to read entire article.

CYBERSSECURITY RISK STUDIES
Verizon: Human error still among the top data security threats

Verizon’s 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies’ top data security threats. Click to read entire article.

84% of buyers would shun their dealership after data breach

A vast majority of consumers said they would not buy another vehicle from a dealership after their data had been compromised, according to a recent survey given to both dealers and buyers. Click to read entire article.

Data breach average costs hit $4 million mark

The average cost of a data breach is $4 million, up 29 percent since 2013, according to Ponemon Institute and IBM data. Click to read entire article.

TECH UPDATE
—THIS TYPE OF TECHNOLOGY MIGHT REDUCE THE NUMBER OF ORGANIZATIONS THAT SUFFER A DATA BREACH EVENT BUT WILLFULLY DECIDE TO NOT REPORT THE INCIDENT—
ABA Endorses Rippleshot for Card Breach Detection Tool

The American Bankers Association – through its Corporation for American Banking subsidiary – announced today that it has endorsed Rippleshot’s automated card compromise detection platform. The tool, Rippleshot Sonar, is a cloud-based technology solution that uses machine learning and data analytics to identify fraud more quickly and efficiently. Reviewing millions of transactions, Rippleshot Sonar can pinpoint when and where a breach occurred. Click to read entire article.

CANADA
Empire responds to data breach

Empire Life is responding to a data breach that may have affected a number of its customers. Late last year, the insurer was the the victim of an email phishing incident in which an unauthorized source gained temporary access to ten internal employee email accounts. In phishing, a third party impersonates a trustworthy individual or organization and tricks people into supplying personal information such as usernames and passwords. Click to read entire article.

University of Calgary pays hackers $20,000 after ransomware attack

The University of Calgary paid a $20,000 ransom in untraceable Bitcoins to shadowy hackers after a devastating malware attack. Click to read entire article.

ASIA/PACIFIC
JTB Hack Underscores Need For Revamp Of Cybersecurity

Following the news that Japan’s largest travel agency JTB Corp having 7.93 million passport details, home and email addresses stolen by hackers, Guy Bunker, Senior Vice President at Clearswift commented below. Click to read entire article.

MIDDLE EAST
Middle Eastern firms and FIs lose $1.4m in data breach costs

Middle Eastern companies, including financial institutions, have experienced more than $1.4 million in financial losses due to security breaches. This is according to data from Gemalto, which surveyed 1,100 IT decision makers worldwide. In the study, 94% of Middle East companies said that their perimeter security systems like firewalls and anti-virus were effective defence. Click to read entire article.

Regards,
Mark Greisiger
NetDiligence®
Cyber Risk Assessment & Data Breach Services