We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include legal liability (such as class action lawsuits) as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines.
The Internet of Things (IoT) is a key building block for digital business. It is also quickly emerging as a key component for almost every aspect of human interaction. But IoT is still emergent and potentially a security risk. Vinny Sakore, NetDiligence CTO, discusses why IoT is important, how to identify IoT hot spots in your business, and the technologies and methodologies to secure them.
Up to six million accounts on photo-sharing app Instagram were potentially leaked via a bug exploited by cybercriminals. The breach was discovered after actress Selena Gomez’s account was hacked last week.
A US judge has ruled that Yahoo must face nationwide litigation brought on behalf of over 1bn users who said their personal information was compromised in three data breaches, Reuters reports. While the breaches occurred between 2013 and 2016, Yahoo did not reveal that the first one had happened until 2016.
The latest security breach targeted British software firm Piriform, known for its free software CCleaner. Hackers compromised CCleaner in a sophisticated attack that affected over 2 million computers, security researchers and Piriform confirmed Monday.
Hackers Breached Emails, Client Data Stored In Microsoft Azure Cloud Service
The “big four” accounting firm, based in New York, suffered a breach last year that may have exposed 5 million internal emails as well as “usernames, passwords, IP addresses, architectural diagrams for businesses and health information,” the Guardian first reported.
Hackers breached the U.S. Securities and Exchange Commission’s computer system last year by taking advantage of companies that used authentic financial data when they were testing the agency’s corporate filing system, according to sources familiar with the matter. The Federal Bureau of Investigation and the U.S. Secret Service have since launched an investigation into a 2016 hack into the SEC’s EDGAR system, several of those people said.
National Bank of Canada says a website error may have exposed the personal information of nearly 400 of its customers, including their names, birthdates, phone number and email address.
A Chicago law firm has filed a class-action lawsuit against Equifax in the wake of a massive security breach that compromised millions of Americans’ personal information, including social security numbers.
The West Virginia Department of Environmental Protection is investigating a computer breach. It has prompted the DEP to take external applications offline.
Schuyler County’s computer system is gradually recovering from an Aug. 29 malware attack that caused some county employees’ screens to go blank for days.
About 500 medical assistance recipients in Pennsylvania had their benefit renewal notices, which contained some personal information, sent to the wrong address. The state Departments of Human Services and General Services announced on Friday afternoon the error, which occurred in July.
The Alaska Department of Health and Social Services is continuing to investigate a computer breach that may have disclosed personal information of individuals who have interacted with the Alaska Office of Children’s Services.
Aetna Inc. is now facing a second lawsuit over the disclosure of HIV-related prescription information that was “clearly visible” through a transparent window on envelopes sent to 12,000 policyholders in late July.
Morehead Memorial Hospital on Friday said a data breach has potentially exposed patient and employee information. The hospital said personal data may have been obtained through a phishing attack that affected two employee email accounts.
The Community Memorial Health System announced Tuesday it will notify hundreds of patients that their personal information could have been accessed in a recent security breach. An investigation started after an employee’s email account was compromised on June 22 in a phishing scam, officials said.
On the evening of September 1st, 2017, an unknown attacker conducted a series of massive DDoS attacks on the servers of America’s Cardroom and its Winning Poker Network (WPN), forcing its services, including Online Super Series (OSS) Cub3d, to go offline.
Sensitive information about more than four million users of an app created by Time Warner Cable has been accidentally exposed online.
It’s significant — and startling — that the attacks being attributed to Dragonfly 2.0 began with spearphishing emails enticing victims to open a malicious attachment. But it’s not surprising. The notion that there may be nation-state or rogue actors who have been resident in the networks of nuclear facilities, electrical grids, and dams isn’t far-fetched.
The malicious outsider attack on food delivery app Zomato that exposed 17 million records was the sixth biggest data breach globally in the first half of 2017, a new report said on Thursday. According to the “Breach Level Index” released by digital security firm Gemalto, a total of 203.7 million data records were compromised in 18 data breaches in India in the first half.
A startup, four banks and a superstore are understood to be among a number of organizations hit by a Swedish hacking and fraud attack that has now led to trial.
The INTO has warned that hackers may have compromised its online learning portal, exfiltrating users’ personal data. That includes names, email addresses, city, country, gender and information related to courses—all perfect fodder for follow-on phishing attempts.
The world’s biggest diamond producer hired an external investigator to find the source of possible leaks of its most sensitive price data, according to people familiar with the matter. De Beers hired investigators from KPMG International in South Africa to find the source of the leaks, according to the people, who asked not to be identified because the matter is private.
The personal data of about 5,400 past and present customers of AXA Insurance here (Singapore) has been stolen in a cyber attack.