We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.

FINANCIAL SERVICES
Credit union tells customers about possible security breach

A southwestern Montana credit union has notified 135 of its members that some of their personal information could have been publicly accessible through its website.

PUBLIC ENTITY
Hackers breach City of Middletown computer system

The city said Friday that computer hackers gained access to personal information of people who had contact with the Middletown Police Department. While an investigation has found no evidence of fraudulent misuse of personal information, the city is notifying those potentially affected by the breach and offering them free credit-monitoring and identity-restoration services.

Katy ISD notifies parents of potential data breach of students’ info

Katy ISD is warning parents of a potential data breach involving students’ information. The district sent out a letter on Oct. 7. The letter states that SunGard K-12, a third-party vendor that provides services for Katy ISD’s student data management system, was recently exposed.

RETAIL
—CLASS ACTION SETTLEMENT ALERT—
Mapco Data Breach Class-Action: How To Get Your Settlement

Shop at a Mapco and pay with a card sometime in March or April of 2013? Chances are pretty good, considering the ubiquity of the Brentwood-based convenience store operator in Middle Tennessee. And the chances are good, then, that you might be in line for some settlement money.

Vera Bradley alerts customers to data breach

The luggage and handbag designer Vera Bradley has notified its customers of a data breach. It announced yesterday (October 12th) that it had launched an investigation last month into a “payment card incident” at some of its retail stores.

HEALTHCARE
Urology data breach affected 300,000

Central Ohio Urology Group put a number to the size of its August data breach — 300,000.

—CAUSED BY VENDOR—
Northwest Community patients affected by national data breach

A breach of security by a billing vendor used by Northwest Community Hospital in Arlington Heights left 550 patients exposed to potential identity theft this past spring.

Potential CalOptima PHI Data Breach Affects 56K Members

Recent cases of data security incidents, some including possible PHI data breaches, involve employees downloading data, a ransomware attack, and a cybersecurity incident.

SOCIAL MEDIA
Millions of AdultFriendFinder user accounts hacked — again

Two notorious hackers – one known as Revolver or 1×0123 and one known as Peace – are separately claiming to have broken into the hookup site AdultFriendFinder (AFF) and breached millions of user account details.

BUSINESS INTERRUPTION
—THIS EXPOSURE CAN IMPACT ANYONE—
Massive Internet Outage Appears Resolved

Last week, a cyberattack on internet service and DNS management company Dyn made inaccessible several highly trafficked websites including Twitter, PayPal, GitHub, Netflix, The New York Times, Vox Media, and more.

—SCARY STUFF—
Anonymous hacker charged with DDoS attacks on hospitals

A biotechnology information technology professional from Somerville, Massachusetts, is being charged with conspiracy to launch cyberattacks against two local hospitals: Boston Children’s Hospital (BCH) and the Wayside Youth and Family Support Network, a mental health facility.

NON PROFIT
More than 5,000 people exposed in Habitat for Humanity data breach

A massive data breach earlier this month at Habitat for Humanity exposed the personal information of thousands of individuals, including their Social Security numbers.

Data breach and ransomware hit Hutchinson Community Foundation

The Hutchinson Community Foundation in Kansas was hit with a data breach and ransomware attack.
How many victims? Nearly 5,500
What type of information? Personal and financial information

TECHNOLOGY
—YAHOO CLASS ACTION STATUS—
Koh Emerging as Class Counsel’s Choice to Preside in Yahoo Data Breach Case

Lawyers who have filed 18 consumer class actions over Yahoo’s data breach are converging on where the litigation should be heard: California’s Northern District and, in particular, before U.S. District Judge Lucy Koh. Their choice of Koh comes as no surprise. Koh previously issued one of the few favorable rulings for plaintiffs in data breach cases, in which consumers—who struggle to show actual injury from the hacks—have generally not fared well.

43 million accounts stolen from popular web-building site

The popular website creating service, Weebly, had information on 43,430,316 users leaked back in February. The breach of Weebly’s main database was discovered by LeakedSource, who received a database of credentials from an anonymous source.

58 million records swiped from data management firm

Modern Business Solutions (MBS) is a company you’ve probably never heard of. It doesn’t deal with the general public; other businesses make up this data management firm’s customer base. But, here’s what’s scary: Even though you’ve never used MBS personally, your private information could still be sitting on one of its servers. And worse, it could have been stolen. …Currently, authorities have only confirmed 58 million records that were stolen. However, as the investigation continues that number is expected to grow, possibly to as many as 258 million.

PRIVACY ETHICS / WRONGFUL DATA COLLECTION
—BIG DATA RISKS, TRANSPARENCY IS KEY—
Dangers in Data Collection: How Much Is Too Much?

Insurance carriers and agents have come to learn that increased data can lead to greater risk for insureds, and they are increasingly advising businesses to disclose data collection practices while seeking to gain insurance coverage, according to David Garrett, president of CISO Advisory & Investigations LLC. Standard insurance applications are becoming more detailed in the wake of increased wrongful collection of data claims as more companies are unintentionally swept up in litigation or regulatory action as a result of data collection practices, insurance industry experts told Insurance Journal.

CYBER RISK STUDIES
NetDiligence: Cyber Claims Continue to be Costly

The average cyber breach claim for a large company was almost $6 million, according to the findings released by NetDiligence in its latest study on cyber claim costs.

Data Breaches Top 800 to Date in 2016

Anyone who bought a “Never Hillary” poster or donated funds to the National Republican Senatorial Committee (NRSC) between March and early October of this year is highly likely to have been the victim of a cybercrime. They had plenty of company.

EUROPE/UK
UK firms could face £122bn in data breach fines in 2018

UK businesses could face up to £122bn in penalties for data breaches when new EU legislation comes into effect in 2018, the Payment Card Industry Security Standards Council (PCI SSC) has warned.

NHS Trust cancels EVERY operation at three hospitals after its electronic system was hit by a computer virus attack

All operations have been cancelled at three hospitals run by the same NHS Trust after a virus attack compromised their computer system. The system, which is run by Northern Lincolnshire and Goole NHS Trust, had to be shut down on Monday following yesterday’s breach, which has been described as a ‘major incident’.

BBC lost phone numbers and bank account details in 169 data breaches over the past decade

Nearly 10,000 people have been hit by data breaches at the hands of the BBC over the past nine years, according to data seen by Business Insider.

Danish Payment Processing Firm Suffers Breach 100k Credit Cards Stolen

Nets, a well-known Danish payment processing company, claims to have lost 100,000 credit cards to hackers. The company has even informed local banks to block the 100,000 credit cards, which are suspected to be compromised by hackers.

ASIA/PACIFIC
India suffered a massive debit card data breach because no one connected the dots

The biggest lesson emerging from the recent recall of 3.2 million debit cards by various Indian banks is that most of the systems that the government and the country’s financial sector put in place to deal with a major cyber attack failed to detect the data breach that necessitated this recall.

Fined for leaking 8,000 people’s personal data

A printing firm hired by an insurance company sent erroneous account statements to policyholders that resulted in more than 8,000 people having their personal data leaked. The data breach by Toh-Shi Printing Singapore was its second such infringement and it was fined $25,000 last month by the Personal Data Protection Commission Singapore (PDPC) for failing to implement adequate checks in processing personal data.

Your personal details could be at risk after Centrelink security breach

Centrelink has copped yet another major backlash after contact details of hundreds of users of the myGov web portal were shared with hundreds of strangers – twice.

Human error blamed for privacy breach

The New Zealand Nurses Organisation is blaming ‘human error’ for a privacy breach which saw personal details of all its members sent to a Yahoo email address.

Australian Red Cross reports data breach affecting 550k blood donors

Australian Red Cross Blood Service announced a breach of personal information related to recent blood donors, according to the Guardian.

Regards,
Mark Greisiger
NetDiligence®
Cyber Risk Assessment & Data Breach Services