We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
Microsoft has been forced to pull the search feature from its Docs.com website after it was found to be inadvertently leaking private data on millions of users. Click to read entire article.
Contrary to a hacker group’s claims, Apple said none of its systems, including iCloud and Apple ID, have been breached recently. However, the company said it is keeping an eye open for potential problems and recommends that users employ security measures such as strong passwords and two-factor authentication. According to a report Tuesday in Motherboard, a group calling itself the “Turkish Crime Family” claimed it could remotely access hundreds of millions of Apple accounts and could use that access to wipe users’ devices. The hacker(s) said they would do so on April 7 unless Apple paid a ransom of $75,000 to $100,000. Click to read entire article.
Space Systems Loral (SSL) has filed a lawsuit against Orbital ATK after an employee of that company accessed sensitive information in a NASA computer system about SSL satellite servicing technologies. Click to read entire article.
Wishbone, an app popular among teenagers, has suffered a data breach, it has been revealed. The company informed its users of the intrusion in a notification recently, saying it became aware of the data swipe on March 14. The notification says that unknown individuals “may have had access” to the company’s API and used it to nab data on the service’s users. The info may contain more than 2 million email addresses, among other things. Click to read entire article.
New Jersey Attorney General Christopher S. Porrino announced Feb. 17 that Horizon Healthcare Services Inc., the state’s largest health care provider, will pay $1.1 million and improve data security practices after allegations of failing to properly protect the privacy of close to 690,000 New Jersey policyholders. Click to read entire article.
Between May 2015 and December 2016, two VUMC patient transporters accessed information from VUMC patients’ electronic medical records, including names, birthdates, medical record identification numbers and some Social Security numbers. Click to read entire article.
A clinic with locations throughout Central Texas is warning patients their records – including medical information – might have been obtained during a data breach. In a letter sent this week, Urology Austin says it was the victim of a ransomware attack on Jan. 22. “Within minutes, we were alerted to the attack, our computer network was shut down, and we began an investigation,” the letter says. “We also began to take steps to restore the impacted data and our operations.” Urology Austin says records it believes were obtained during the attack include names, addresses, birthdates, Social Security numbers and medical records. Click to read entire article.
The FBI continues its look into a breach of personal information from about 160,000 patients serviced at some Med Center Health affiliates between 2011 and 2014. Click to read entire article.
In a March 17 ruling, a U.S. district judge said the lawsuit against Flowers Hospital in Dothan, Alabama, merited class-action status despite the lack of clear evidence that all of the individuals on whose behalf the lawsuit was filed suffered damages as a result of the 2013 breach incident, involving the theft of paper records. Click to read entire article.
Recent data breaches include a ransomware attack, a stolen server, and unauthorized access of employee emails. Click to read entire article.
Veridian Credit Union accused Eddie Bauer of deploying lax security standards, forcing Veridian and other financial institutions to bear costs related to theft of payment-card information from the clothier’s point-of-sale systems. Click to read entire article.
Verifone, the company behind many of the payment systems you see at retailers across the country, is reportedly the latest hack attack victim. Krebs on Security reports that Verifone, the largest maker of credit and debit card payment terminals, is investigating a breach of its corporate computer networks that may have targeted payment systems at dozens of gas stations. Click to read entire article.
A hacker gained access last month to about 1.4 million job seekers’ personal information on file with the Illinois Department of Employment Security’s online job board, including their names, Social Security numbers and birth dates. Click to read entire article.
After 170,000 people were announced to be part of a data breach of IdahoWorks, the Idaho Department of Labor’s job seeker program, Better Business Bureau says it’s received a number of calls from people wondering if the notification email is a scam. Click to read entire article.
Employees of Powhatan County Public Schools have been notified of a data breach that occurred Monday that has exposed their person information to a scammer. Click to read entire article.
Personal documents of school district employees were obtained by someone posing as Groton’s Schools Superintendent. Click to read entire article.
As we previously reported, Arby’s was hit with malware that infected over 1,000 of its fast food locations throughout the U.S. between October 25, 2016, and January 19, 2017, and was hit with multiple class action suits over the data breach. Click to read entire article.
Neiman Marcus has agreed to pay $1.6 million to settle a data breach class action in Illinois federal court. The three-year-old case stemmed from the December 2013 cyber attack that exposed credit card data of an estimated 350,000 Neiman Marcus shoppers. Click to read entire article.
This week Rosen Millennium Technology Group, the sister company to Rosen Hotels & Resorts, was sued by its insurance company, St. Paul Fire & Marine, which is denying coverage for a data breach that was discovered in 2016. Visa, MasterCard, and American Express have issued hefty fines against Rosen and the company may incur additional expense if customers affected by the data breach pursue any available causes of action. Click to read entire article.
For the second time this month, Daytona State College officials are warning of a potential data breach, this one potentially affecting students and parents who applied for federal financial aid. Click to read entire article.
Nearly 3,000 Idahoans’ identities are at risk after a scammer persuaded an employee to give up tax information at the Boise-based Amalgamated Sugar Co. in late February. Click to read entire article.
Spiral Toys, the parent company behind CloudPets, yesterday sent the California Attorney General a breach notification that on many fronts contradicts what experts have said about a database breach that exposed user data and private voice messages, many of which were made by children. Click to read entire article.
The Boeing Co. has traced a recent data breach involving personal information of 36,000 of its workers to an employee who sought help formatting a spreadsheet from their spouse, which resulted in the company losing control of the information for a period of time late last year. Click to read entire article.
The number of data breaches in the Middle East has risen 16.67 percent since 2015 as hackers become increasingly sophisticated, according to research. New data from global cybersecurity firm Gemalto found that approximately 45.2 million data records in the Middle East were compromised in 2016, compared to 38.5 million in the previous year. Click to read entire article.
The latest report from the Identity Theft Resource Center (ITRC) indicates that there have been 392 data breaches recorded this year through March 28, 2017, and that nearly 7.4 million records have been exposed since the beginning of the year. The total represents a 51% increase in the number of breaches to date compared with 2015. Click to read entire article.
McDonald’s Canada said on Friday (31 March) that its career website was recently hacked, compromising the personal data of around 95,000 restaurant job applicants. The accessed information included names, addresses, email addresses, phone numbers, employment background and other standard job application information of people who applied online for a job at McDonald’s Canada restaurants between March 2014 and March 2017. Click to read entire article.
Canada’s federal agencies in charge of statistics and taxes both say they have fixed vulnerabilities in their computer systems that forced them to shut down some online services over the weekend. Click to read entire article.
Pending legislation will require Canadian businesses to report cyber breaches of personal information to the Office of the Privacy Commissioner or face fines of up to $100,000. Click to read entire article.
On 22 February 2017, the Privacy Amendment (Notifiable Data Breaches) Act 2017 received Royal Assent, giving the green light to the commencement of the long-awaited mandatory data breach reporting regime in Australia. The Bill that was passed is available from here. Click to read entire article.
Quick Heal has detected a serious security breach at Cosmos Bank’s website. As per the findings, their website has been compromised by RIG Exploit Kit, and as a result, all visitors to their website are being automatically infected by the infamous Cerber Ransomware. Cosmos Bank was established in 1906. Headquartered in Pune, it is hailed as one of the oldest Urban Co-operative Banks in India.Click to read entire article.
According to media reports, US-based fast food restaurant chain, McDonald’s India app, McDelivery, has reportedly leaked the personal data of more than 2.2 Mn users. Click to read entire article.
Cyber Risk Assessment & Data Breach Services