We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include legal liability (such as class action lawsuits) as well as enormous crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.


LUNCH & LEARN WEBINAR ON OCTOBER 19!
IoT: Managing Risk in a Connected World

The Internet of Things (IoT) is a key building block for digital business. It is also quickly emerging as a key component for almost every aspect of human interaction. But IoT is still emergent and potentially a security risk. Vinny Sakore, NetDiligence CTO, discusses why IoT is important, how to identify IoT hot spots in your business, and the technologies and methodologies to secure them.


TECHNOLOGY
Insta-breach: Six million Instagram accounts may have been leaked

Up to six million accounts on photo-sharing app Instagram were potentially leaked via a bug exploited by cybercriminals. The breach was discovered after actress Selena Gomez’s account was hacked last week.

—CLASS ACTION ALERT—
Yahoo must face litigation over data breaches, judge rules

A US judge has ruled that Yahoo must face nationwide litigation brought on behalf of over 1bn users who said their personal information was compromised in three data breaches, Reuters reports. While the breaches occurred between 2013 and 2016, Yahoo did not reveal that the first one had happened until 2016.

Hackers infiltrate popular free PC cleaning software

The latest security breach targeted British software firm Piriform, known for its free software CCleaner. Hackers compromised CCleaner in a sophisticated attack that affected over 2 million computers, security researchers and Piriform confirmed Monday.

PROFESSIONAL SERVICES
—CLOUD CAUSED—
Report: Deloitte Suffered Breach Last Year
Hackers Breached Emails, Client Data Stored In Microsoft Azure Cloud Service

The “big four” accounting firm, based in New York, suffered a breach last year that may have exposed 5 million internal emails as well as “usernames, passwords, IP addresses, architectural diagrams for businesses and health information,” the Guardian first reported.

WALL STREET
Here’s the Latest About What the SEC Hackers Stole

Hackers breached the U.S. Securities and Exchange Commission’s computer system last year by taking advantage of companies that used authentic financial data when they were testing the agency’s corporate filing system, according to sources familiar with the matter. The Federal Bureau of Investigation and the U.S. Secret Service have since launched an investigation into a 2016 hack into the SEC’s EDGAR system, several of those people said.

FINANCIAL SERVICES
National Bank reports data breach

National Bank of Canada says a website error may have exposed the personal information of nearly 400 of its customers, including their names, birthdates, phone number and email address.

Class-Action Lawsuit Filed Against Equifax After Massive Data Breach

A Chicago law firm has filed a class-action lawsuit against Equifax in the wake of a massive security breach that compromised millions of Americans’ personal information, including social security numbers.

PUBLIC ENTITY
—BUSINESS INTERRUPTION—
Computer breach means W.Va. DEP applications offline temporarily

The West Virginia Department of Environmental Protection is investigating a computer breach. It has prompted the DEP to take external applications offline.

County recovering from computer attack

Schuyler County’s computer system is gradually recovering from an Aug. 29 malware attack that caused some county employees’ screens to go blank for days.

State data breach affecting 500 Medicaid recipients blamed on faulty mail machine

About 500 medical assistance recipients in Pennsylvania had their benefit renewal notices, which contained some personal information, sent to the wrong address. The state Departments of Human Services and General Services announced the error that occurred in July on Friday afternoon.

State investigation into Alaska children’s services data breach still underway

The Alaska Department of Health and Social Services is continuing to investigate a computer breach that may have disclosed personal information of individuals who have interacted with the Alaska Office of Children’s Services.

HEALTHCARE
—CLASS ACTION ALERT—
Aetna Hit With Second “Envelope” Lawsuit

Aetna Inc. is now facing a second lawsuit over the disclosure of HIV-related prescription information that was “clearly visible” through a transparent window on envelopes sent to 12,000 policyholders in late July.

Morehead Memorial Hospital: Data breach may have leaked patient and employee information

Morehead Memorial Hospital on Friday said a data breach has potentially exposed patient and employee information. The hospital said personal data may have been obtained through a phishing attack that affected two employee email accounts.

—STAFFER PHISHED—
Community Memorial Health System alerts patients of possible data breach

The Community Memorial Health System announced Tuesday it will notify hundreds of patients that their personal information could have been accessed in a recent security breach. An investigation started after an employee’s email account was compromised on June 22 in a phishing scam, officials said.

ONLINE GAMING
—BUSINESS INTERRUPTION—
Attacker demands ransom after series of DDoS attacks on Poker site

On the evening of September 1st, 2017, an unknown attacker conducted a series of massive DDoS attacks on the servers of America’s Cardroom and its Winning Poker Network (WPN) forcing its services including Online Super Series (OSS) Cub3d to go offline.

MOBILE APP/MEDIA/CLOUD
Data breach hits four million Time Warner app users

Sensitive information about more than four million users of an app created by Time Warner Cable has been accidentally exposed online.

UTILITIES
Symantec Warn Of Dragonfly 2.0 Attacks On Power Grids

It’s significant — and startling — that the attacks being attributed to Dragonfly 2.0 began with spearphishing emails enticing victims to open a malicious attachment. But it’s not surprising. The notion that there may be nation-state or rogue actors who have been resident in the networks of nuclear facilities, electrical grids, and dams isn’t far-fetched.

BREACH RESEARCH
Zomato Data Breach Sixth Biggest Globally in First Half of 2017: Gemalto

The malicious outsider attack on food delivery app Zomato that exposed 17 million records was the sixth biggest data breach globally in the first half of 2017, a new report said on Thursday. According to the “Breach Level Index” released by digital security firm Gemalto, a total of 203.7 million data records were compromised in 18 data breaches in India in the first half.

EUROPE / UK
Multi-million data breach and fraud trial to get under way in Sweden

A startup, four banks and a superstore are understood to be among a number of organizations hit by a Swedish hacking and fraud attack that has now led to trial.

30,000 Irish Teachers Hit By Union Breach

The INTO has warned that hackers may have compromised its online learning portal, exfiltrating users’ personal data. That includes names, email addresses, city, country, gender and information related to courses—all perfect fodder for follow-on phishing attempts.

SOUTH AFRICA
—IP BREACH—
De Beers Hired Leak Hunter to Probe Gem Data Breach

The world’s biggest diamond producer hired an external investigator to find the source of possible leaks of its most sensitive price data, according to people familiar with the matter. De Beers hired investigators from KPMG International in South Africa to find the source of the leaks, according to the people, who asked not to be identified because the matter is private.

ASIA/PACIFIC
Hackers steal personal data of 5,400 AXA customers

The personal data of about 5,400 past and present customers of AXA Insurance here (Singapore) has been stolen in a cyber attack.

Regards,
Mark Greisiger
NetDiligence®
Cyber Risk Readiness & Response