We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
A southwestern Montana credit union has notified 135 of its members that some of their personal information could have been publicly accessible through its website. Click to read entire article.
The city said Friday that computer hackers gained access to personal information of people who had contact with the Middletown Police Department. While an investigation has found no evidence of fraudulent misuse of personal information, the city is notifying those potentially affected by the breach and offering them free credit-monitoring and identity-restoration services. Click to read entire article.
Katy ISD is warning parents of a potential data breach involving students’ information. The district sent out a letter on Oct. 7. The letter states that SunGard K-12, a third-party vendor that provides services for Katy ISD’s student data management system, was recently exposed. Click to read entire article.
Shop at a Mapco and pay with a card sometime in March or April of 2013? Chances are pretty good, considering the ubiquity of the Brentwood-based convenience store operator in Middle Tennessee. And the chances are good, then, that you might be in line for some settlement money. Click to read entire article.
The luggage and handbag designer Vera Bradley has notified its customers of a data breach. It announced yesterday (October 12th) that it had launched an investigation last month into a “payment card incident” at some of its retail stores. Click to read entire article.
Central Ohio Urology Group put a number to the size of its data breach August — 300,000. Click to read entire article.
A breach of security by a billing vendor used by Northwest Community Hospital in Arlington Heights left 550 patients exposed to potential identity theft this past spring. Click to read entire article.
Recent cases of data security incidents, some including possible PHI data breaches, involve employees downloading data, a ransomware attack, and a cybersecurity incident. Click to read entire article.
Two notorious hackers – one known as Revolver or 1×0123 and one known as Peace – are separately claiming to have broken into the hookup site AdultFriendFinder (AFF) and breached millions of user account details. Click to read entire article.
Last week, a cyberattack on internet service and DNS management company Dyn made inaccessible several highly trafficked websites including Twitter, PayPal, GitHub, Netflix, The New York Times, Vox Media, and more. Click to read entire article.
A biotechnology information technology professional from Somerville, Massachusetts, is being charged with conspiracy to launch cyberattacks against two local hospitals: Boston Children’s Hospital (BCH) and the Wayside Youth and Family Support Network, a mental health facility. Click to read entire article.
A massive data breach earlier this month at Habitat for Humanity exposed the personal information of thousands of individuals, including their Social Security numbers. Click to read entire article.
The Hutchinson Community Foundation in Kansas was hit with a data breach and ransomware attack.
How many victims? Nearly 5,500
What type of information? Personal and financial information
Click to read entire article.
Lawyers who have filed 18 consumer class actions over Yahoo’s data breach are converging on where the litigation should be heard: California’s Northern District and, in particular, before U.S. District Judge Lucy Koh. Their choice of Koh comes as no surprise. Koh previously issued one of the few favorable rulings for plaintiffs in data breach cases, in which consumers—who struggle to show actual injury from the hacks—have generally not fared well. Click to read entire article.
The popular website creating service, Weebly, had information on 43,430,316 users leaked back in February. The breach of Weebly’s main database was discovered by LeakedSource, who received a database of credentials from an anonymous source. Click to read entire article.
Modern Business Solutions (MBS) is a company you’ve probably never heard of. It doesn’t deal with the general public; other businesses make up this data management firm’s customer base. But, here’s what’s scary: Even though you’ve never used MBS personally, your private information could still be sitting on one of its servers. And worse, it could have been stolen. …Currently, authorities have only confirmed 58 million records that were stolen. However, as the investigation continues that number is expected to grow, possibly to as many as 258 million. Click to read entire article.
Insurance carriers and agents have come to learn that increased data can lead to greater risk for insureds, and they are increasingly advising businesses to disclose data collection practices while seeking to gain insurance coverage, according to David Garrett, president of CISO Advisory & Investigations LLC. Standard insurance applications are becoming more detailed in the wake of increased wrongful collection of data claims as more companies are unintentionally swept up in litigation or regulatory action as a result of data collection practices, insurance industry experts told Insurance Journal. Click to read entire article.
The average cyber breach claim for a large company was almost $6 million, according to the findings released by NetDiligence in its latest study on cyber claim costs. Click to read entire article.
Anyone who bought a “Never Hillary” poster or donated funds to the National Republican Senatorial Committee (NRSC) between March and early October of this year is highly likely to have been the victim of a cybercrime. They had plenty of company. Click to read entire article.
UK businesses could face up to £122bn in penalties for data breaches when new EU legislation comes into effect in 2018, the Payment Card Industry Security Standards Council (PCI SSC) has warned. Click to read entire article.
All operations have been cancelled at three hospitals run by the same NHS Trust after a virus attack compromised their computer system. The system, which is run by Northern Lincolnshire and Goole NHS Trust, had to be shut down on Monday following yesterday’s breach, which has been described as a ‘major incident’. Click to read entire article.
Nearly 10,000 people have been hit by data breaches at the hands of the BBC over the past nine years, according to data seen by Business Insider. Click to read entire article.
Nets, a well-known Danish payment processing company claims to have lost 100,000 credit cards to hackers. The company has even informed local banks to block up the 100,000 credit cards, which are suspected to be compromised by hackers. Click to read entire article.
The biggest lesson emerging from the recent recall of 3.2 million debit cards by various Indian banks is that most of the systems that the government and the country’s financial sector put in place to deal with a major cyber attack failed to detect the data breach that necessitated this recall. Click to read entire article.
A printing firm hired by an insurance company sent erroneous account statements to policyholders that resulted in more than 8,000 people having their personal data leaked. The data breach by Toh-Shi Printing Singapore was its second such infringement and it was fined $25,000 last month by the Personal Data Protection Commission Singapore (PDPC) for failing to implement adequate checks in processing personal data. Click to read entire article.
Centrelink has copped yet another major backlash after contact details of hundreds of users of the myGov web portal were shared with hundreds of strangers – twice. Click to read entire article.
The New Zealand Nurses Organisation is blaming ‘human error’ for a privacy breach which saw personal details of all its members’ sent to a Yahoo email address. Click to read entire article.
Australian Red Cross Blood Service announced a breach of personal information related to recent blood donors, according to the Guardian. Click to read entire article.
Cyber Risk Assessment & Data Breach Services