We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines.

HEALTHCARE
Hack of Quest Diagnostics App Exposes Data of 34,000 Patients

On Nov. 26, an “unauthorized third party” gained access to names, dates of birth and lab results, but not insurance or financial information, the company said.

PHI Data Breach Stems from Computer Hacking at GA Entity

Recent data security incidents include a PHI data breach from a computer hack, a missing CD containing patient information, and a missing laptop.

RETAIL
Hackers Hijack Madison Square Garden Payment Systems, Credit Card Data at Risk

If you used a credit card to pay for items at Madison Square Garden, you might want to check your account balance, because the company has just acknowledged a breach that existed between November 9, 2015 and October 24, 2016.

PROFESSIONAL SERVICES – LAW FIRMS
—TARGETED SPEAR PHISHING—
Scam Targeting Attorneys Causes Big Loss To Bank

As many attorneys know, attorneys have been the frequent target of scams, such as those promising a big fee to assist in transferring funds to or from overseas or to assist in a collection case.

HIGHER EDUCATION
MSU to spend $2.9 million in wake of data breach

MSU will spend an estimated $2.9 million on identity theft protection in the wake of the data breach that exposed university records of about 400,000 people.

Erasmus University Data Breach Exposes Students’ Medical and Financial Information

A total of 270,000 webforms residing on one particular web server were breached during the attack. Close to 5,000 forms contain student medical information, indicating their health and whether or not they suffer from specific ailments. Moreover, it also provides insights into diseases such as dyslexia, allergies, or other conditions relevant to their behavior.

FINANCIAL SERVICES
Hackers target Russian Central Bank in $45 million heist

The Russian Central Bank recently reported a breach that occurred earlier this year. According to Forbes, hackers have attempted to steal a total of $45 million from a multitude of accounts using spoofed credentials for one of the Bank’s customers.

BUSINESS INTERRUPTION (DDoS ATTACK)
TalkTalk And Post Office Routers Hit By Cyber-Attack

BBC broke the news that thousands of TalkTalk and Post Office customers had their internet access cut by an attack on certain routers.

MOBILE APP RISK
Remote management app exposes millions of Android users to hacking

Man-in-the-middle attackers could exploit an AirDroid flaw to execute malicious code on devices.

TECHNOLOGY SP
Navy asks Hewlett Packard to pay up for personal data breach

The Navy is pressing private contractor Hewlett Packard Enterprise to pay for credit monitoring services for sailors affected by a data breach that exposed more than 130,000 social security numbers, a defense official familiar with the ongoing investigation said.

—IT MANUFACTURER RISK—
BLU Faces Possible Class Action Lawsuit Over Security Breach

While BLU is only a minor player in the smartphone industry with “only” 30 million devices shipped since being established in 2009, the Miami-based company could soon be facing major troubles. Earlier this month, the Californian consumer electronics manufacturer admitted to a significant security breach which affected approximately 120,000 of its active devices.

Yahoo user files class action over data breach, alleges she was victim of identity theft

A Yahoo user alleges she was the victim of identity theft after a 2014 data breach.

Adobe ordered to pay $1M for 2013 data breach

Adobe was ordered to pay $1 million on Monday to settle a lawsuit over a 2013 data breach that impacted about 38 million people, according to KrebsOnSecurity.

SOCIAL MEDIA
Friend Finder Data Breach Exposes 400M Swingers

Data of more than 412 million users was compromised in the latest breach, LeakedSource reported. Passwords taken in the breach were either in plain text or SHA1 hashed, and neither method could be considered secure.

PUBLIC ENTITY
—RANSOMWARE ATTACK—
Muni system hacker hit others by scanning for year-old Java vulnerability

Backups meant SFMTA didn’t have to pay 100-Bitcoin ransom demanded by the attacker.

—UPDATE TO ABOVE—
SF MUNI hacker lashes out, threatens to release 30GBs of compromised data

The person claiming responsibility for the attack on San Francisco’s MUNI says the SFMTA has lax security, and warns that if the ransom isn’t paid, they’ll release 30GB of compromised data.

Almost 600,000 at risk of identity theft after US Department of Housing and Urban Development data breach

A Fargo woman received a letter from public housing saying she was at risk of identity theft. It was a result of a US Department of Housing and Urban Development data breach and now she’s worried for her safety.

Chicago Public Schools notifies families of student data breach

Chicago Public Schools has notified the families of about 30,000 students that a district employee improperly distributed confidential student information to a charter school operator for use in a mail advertising campaign.

CYBER RISK STUDIES
Kaspersky Lab Study Examines Top Enterprise Data Breach Risks

In an effort to help provide some insight into how organizations around the world perceive security, Kaspersky Lab conducted a global study with B2B International of more than 4,000 business representatives from 25 countries.

CANADA
$50M lawsuit filed in Casino Rama data breach

Lawyers have formally filed documents to have a class action lawsuit certified in the Casino Rama Resort data breach.

Mandatory breach notification in Canada has ‘potential to effectively cause’ class-action lawsuits: PCUC speaker

Impending changes to Canada’s Personal Information Protection and Electronic Documents (PIPEDA) could “effectively cause more class-action” lawsuits down the road because companies will be required to report information security breaches that pose “a real risk of significant harm,” a lawyer recently warned insurance professionals.

Carleton U warns students of hacker attack on IT network

Carleton University is warning students and employees after an external group apparently attempted to hack the school’s IT network.

Justice ministry looking into privacy breach case at Vonda SGI issuer

Saskatchewan’s justice ministry is investigating a privacy breach in which an employee at a private SGI licence issuer in Vonda accessed information on thousands of people.

EUROPE/UK
Massive hack in Germany sees nearly one million forced offline - and it could happen again anywhere, experts warn

Nearly a million Deutsche Telekom customers in Germany were affected by a mass internet outage as hackers attempted to hijack home web routers as part of a wider attack. The firm said as many as 900,000 users, or about 4.5 percent of its 20 million fixed-line customers, suffered internet outages starting on Sunday and continuing into Monday.

National Lottery suffers data breach, exposes 26,500 customer accounts

Thousands of National Lottery players have been exposed to a data breach allowing malefactors to potentially ransack customers’ transaction history, date of birth, bank sort code, and the last four digits of their bank account number, its operator Camelot confirmed on Wednesday morning.

MIDDLE EAST
Saudi central bank systems, government agencies struck by Iran malware Shamoon

Washington: State-sponsored hackers who unleashed a digital bomb in key parts of Saudi Arabia’s computer networks over the last two weeks damaged systems at the country’s central bank, according to two people briefed on an ongoing investigation of the breach.

Regards,
Mark Greisiger
NetDiligence®
Cyber Risk Assessment & Data Breach Services