We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.

FINANCIAL SERVICES
Credit Unions Pile Into Wendy’s Breach Suit

The number of credit unions suing Wendy’s over its recent data breach has soared in recent weeks, and other members of the industry are also piling into the class action suit against the fast food chain. The case against the burger chain now includes 19 credit unions, three banks, four credit union leagues and CUNA. In July, a Pennsylvania District Court Judge consolidated the suits. Click to read entire article.

HEALTHCARE
Banner Health Says Cyberattack Affected 3.7M Patients

Nonprofit hospital system Banner Health began sending out letters to 3.7 million people Wednesday after it said it was the victim of a sophisticated cyberattack of patients’ and customers’ health care and credit card information. The hack originated on computer systems at Banner locations selling food and beverages through credit card transactions, and spread from a breach of cardholder data to include patient and health plan information, Banner said in a statement announcing the attack. Physicians and health care providers were also victims of the breach. Click to read entire article.

—HIPAA SETTLEMENT ALERT – $275 PER RECORD—
UMMC to pay $2.75 million fee in federal settlement

After failing to notify patients of a potential data breach in 2013, the University of Mississippi Medical Center announced Friday it will pay the civil rights division of the U.S. Department of Health and Human Services a $2.75 million penalty. …The investigation stemmed from the theft of an intensive care unit laptop that created a potential data breach that could have affected 10,000 patients. Click to read entire article.

—HIPAA SETTLEMENT ALERT – $385 PER RECORD—
Ore. Health System Pays $2.7M To Settle Data Breach Probes

Oregon Health & Science University has agreed to pay $2.7 million to resolve U.S. Department of Health and Human Services Office for Civil Rights investigations of two data breaches that affected more than 7,000 patients, the university announced Wednesday. Click to read entire article.

—CLASS ACTION ALERT—
Lawsuits Filed in 21st Century Oncology Data Breach

In March, 21st Century Oncology reported that 2.2 million cancer patient records were exposed in a data breach. At least 17 separate class action lawsuits have been filed in Florida and California over this breach. On July 14, a U.S. magistrate judge in Fort Myers recommended the case be consolidated into a single claim and transferred to Florida. Click to read entire article.

Prosthetic and Orthotic Care Inc issues notification of data breach

According to a press release, Prosthetic and Orthotic Care (P&O Care) learned of a possible breach on July 10, 2016. The Federal Bureau of Investigation (FBI) began an investigation and found a hacker obtained patient medical records due to a previously unknown flaw in software purchased by the office. Medical records included names, contact information, P&O Care patient identification numbers, diagnostic codes, appointment dates and last billing amounts. Some records also contained Social Security numbers, birthdates, medical insurance companies, identification information and photos of procedures. Click to read entire article.

Laurel clinic warns patients of data breach

A Laurel clinic has issued a warning to a small group of their patients after a recent data breach of their systems. Click to read entire article.

Keller Rohrback Investigates Data Breach Involving More Than 300,000 Patients at Athens Orthopedic Clinics

Attorney Advertising. Keller Rohrback L.L.P. is investigating recent reports of a large data breach of patient information from the Georgia-based Athens Orthopedic Clinic (“AOC”). Reports indicate that approximately 397,000 current and former patients may have had their information exposed, and that 500 patient records appeared for sale on the black market by a group of web hackers who call themselves the “Dark Overlords”. Click to read entire article.

StarCare Specialty Health System announces patient information breach

StarCare Specialty Health System announced on Monday a breach of patient information stemming from a burglary earlier this year. People broke into the StarCare/StarQuest office at 3315 East Broadway on May 30 and stole five laptops, according to a statement from StarCare. Click to read entire article.

Cybercriminal data breaches in Healthcare may exceed a whopping $6.2 billion!

Ponemon reported that “over the past two years the average cost of a data breach for healthcare organizations is estimated to be more than $2.2 million. No healthcare organization, regardless of size, is immune from data breach.” The “Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data” included this alarming information about healthcare’s ability to properly protect ePHI (electronic Protected Health Information) and included data from 91 Covered Entities and 84 Business Associates… Click to read entire article.

RETAIL
—CLASS ACTION ALERT—
Data Breach Class-Action Lawsuit Sprouts in California

The defendant is Sprouts Farmers Market Inc., an enterprise based in Phoenix, Arizona, with 224 stores across the country. The allegation is that W-2 Wage and Tax forms belonging to any employee having worked for Sprouts in 2015 may have been compromised. Click to read entire article.

CiCi’s Pizza Data Breach Leaves Mid-South Customers At Risk

Malware was found on the devices used to run bank and credit cards at restaurants. CiCi’s is investigating data breaches at more than 100 restaurants across the country, starting in March 2015, with most of the breaches beginning in March of 2016. Click to read entire article.

Beggars Group (4AD, Matador, XL) Hacked, Customers Warned of Data Breach

Labels behind Radiohead, Vampire Weekend, the xx, more, say credit card information may have been stolen from online stores. Click to read entire article.

HOSPITALITY
Kimpton Hotels Disclose Data Breach

Kimpton Hotels, a boutique hotel brand that includes 62 properties across the United States, said yesterday it is investigating reports of a credit card breach at multiple locations. Security Experts commented below. Click to read entire article.

3 Austin Omni hotels affected by data breach

Omni’s Austin hotels were affected by a recently discovered data breach, the Dallas-based chain said Wednesday. Click to read entire article.

PRIVACY ETHICS
Rolling Stone Unlawfully Sold Readers’ Data, Suit Says

The publisher of Rolling Stone magazine is running afoul of Michigan’s Video Rental Privacy Act by selling its customers’ names, subscription history and other personal information to “anyone willing to buy” the data, according to a putative class action recently filed in federal court. Click to read entire article.

MEDIA / ENTERTAINMENT
Disney Playdom Forums Suffer Data Breach

Disney announced on Friday via a statement on its website that it shut down the Playdom Forums after it had detected a data breach at the start of the month. Click to read entire article.

ONLINE GAMES
Companies Behind Warframe, Clash of Kings Games Suffer Data Breaches

Two prominent gaming companies have announced this week that they suffered data breaches at the hands of unknown hackers. Click to read entire article.

ONLINE SERVICES
Glassdoor ‘Carelessly’ Exposed 600K Users’ Emails, Suit Says

The job review and recruiting website Glassdoor exposed the identities of 600,000 anonymous users and opened them up to retaliation by “carelessly” revealing their email addresses in a recent blast to members, according to a putative class action filed in California federal court Monday. Click to read entire article.

CYBERSECURITY STUDIES TO NOTE
Data Breach Cost Grows To USD 4 Mn Per Incident: Study

Research sponsored by IBM Security that analyzed the financial impact of data breaches on a company’s bottom line found that the average cost of such incidents has grown by a whopping 29 per cent since 2013 to about USD 4 million in 2016. Click to read entire article.

TECHNOLOGY
Yahoo probes possible huge data breach

Yahoo is investigating claims the hacker linked to “mega-breaches” at MySpace and LinkedIn has posted details of 200 million Yahoo accounts to a marketplace on the dark web. Usernames, passwords and dates of birth are being offered for sale for three bitcoins (£1,360). Click to read entire article.

CANADA
Saskatchewan Government Insurance notifies customers of a privacy breach

Saskatchewan Government Insurance (SGI) has notified customers of a privacy breach by an employee at an independent motor license issuing office in Vonda, Sask. Click to read entire article.

Privacy commissioner to investigate data breach of public servants’ personal info

Personal data for 10,000 public servants was mistakenly emailed to an outside contractor, IBM, calling into question just how well the federal government is protecting the privacy of its employees. (CBC) Click to read entire article.

EUROPE
HSBC suffers major security breach as hackers launch cyber attack on bank’s servers

HACKING group OurMine claim they took down US and UK HSBC servers following a spate of cyber attacks on major tech firm bosses. Click to read entire article.

Polish telecom data breach leaks 14gb worth of customer data

Netia SA, a Polish telecom operator, has just suffered a massive data breach. During an attack, hackers gained access to 14 gigabytes of customer data, and kept the website down for a good portion of the day. Now, Netia is in recovery mode. Click to read entire article.

Canonical hack exposes private data of 2 million forum members

Canonical, the company behind the popular open-source operating system Ubuntu, has told users of its forums that personal details may have been exposed in a recent data breach. Click to read entire article.

ASIA/PACIFIC
About $70M Stolen From HK Bitcoin Exchange

Nearly $70 million worth of the virtual currency bitcoin was stolen Tuesday from Hong Kong bitcoin exchange Bitfinex, leading the exchange to halt all trading and shut down its website. Click to read entire article.

Interpark breach victims consider lawsuit

Interpark, Korea’s leading online shopping site, now faces potential lawsuits after it revealed on Monday that the personal data of more than 10 million members had been leaked. Click to read entire article.

Banks on the defense following Vietnam Airlines data breach

Two Vietnamese commercial banks have taken measures to protect customers who have used their cards in transactions with Vietnam Airlines, in the wake of a breach concerning more than 400,000 membership credentials of the national flag carrier. Click to read entire article.

MAS probes case of UOB’s unshredded client data

The Monetary Authority of Singapore (MAS) is investigating a case involving UOB, which had its clients’ unshredded documents found in a trashbag under a tree at Boat Quay, and said that it will take action against banks that do not safeguard the confidentiality of customer information. Click to read entire article.

Australian Bureau of Statistics reports 14 data breaches since 2013

The bureau is facing criticism from privacy and civil liberties groups over changes to the 2016 census, which involve the retention of people’s names and addresses. Click to read entire article.

Regards,
Mark Greisiger
NetDiligence®
Cyber Risk Assessment & Data Breach Services