We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include legal liability (such as class action lawsuits), an enormous as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.


LUNCH & LEARN WEBINAR ON NOVEMBER 16!
IoT’s Role in Transforming Healthcare

The Internet of Things (IoT) is transforming healthcare. It is propelling healthcare to shift from the hospital to the home. But IoT is still emergent and introducing new privacy and security concerns. We show why IoT is important to transforming healthcare, and how it is impacting markets globally. We also discuss IoT’s impact to the cyber risk industry supporting healthcare providers. Register now!


TELECOMMUNICATIONS
T-Mobile Security Breach Let Hackers Steal Data with Phone Numbers

A recent report has just revealed a dangerous security breach in T-Mobile’s servers, which allowed hackers to get hold of one’s data incredibly easy. Everything hackers had to do was know a user’s phone number, and then they could access their account, steal their email address, and make use of the network code of their phone. Click to read entire article.

HEALTHCARE
—CLASS ACTION ALERT—
Employees Sue Home Health Provider After Phishing Breach

A class action lawsuit claims that thousands of employees of a home healthcare services firm were harmed by the disclosure of their personal information in a breach earlier this year involving a business email compromise scam. Earlier, regulators fined the company for another breach. Three former employees of Clearwater, Fla.-based Lincare Holdings Inc., a provider of in-home respiratory care and medical equipment, filed the lawsuit Monday in U.S. district court. Click to read entire article.

—BUSINESS INTERRUPTION—
IFHS Investigates Cybersecurity Breach Of Clinic’s Computer System

Unalaska’s clinic is investigating a security breach of its computer system. The ransomware attack happened in August, according to James Kaech, executive director of Iliuliuk Family and Health Services. He said the clinic’s access to its computer system was temporarily blocked, but it seems no information was stolen. Click to read entire article.

Security breach reported at Ashland clinic

Namaste Health Care in Ashland is notifying about 1,600 patients its office experienced a security incident over the weekend of Aug. 12-13. During that weekend, it is believed someone gained improper access into the office computer systems and remotely accessed Namaste’s file server. Click to read entire article.

RETAIL
Pizza Hut suffers data breach

The payment card details of Pizza Hut’s customers were stolen by a hacker in a data breach, the company said in an email sent to affected customers. According to the email, shared on social media by some recipients, affected customers placed orders on the company’s mobile app or website between the morning of October 1 and midday on October 2. Click to read entire article.

Data breach at Whole Foods

If you recently patronized the in-store venues at Whole Foods keep an eye on your bank account. The grocery chain has advised that some of its customers’ credit card information may have been compromised at 29 different locations, including its Folsom store. Click to read entire article.

TECHNOLOGY
Disqus confirms data breach affecting 17.5 million accounts

Email addresses and other data associated with roughly 17.5 million accounts on Disqus, a popular online comment hosting service, were exposed as the result of a newly discovered security breach, according to the company. Disqus recently learned that a database containing five years’ worth of user records was breached, the company said Friday, in turn exposing the email addresses, user names, sign-up dates and last login dates for about 17.5 million registered accounts. Click to read entire article.

We Heart It says a data breach affected over 8 million accounts, included emails and passwords

We Heart It, an image-sharing site used by 40 million teens as of a couple of years ago, is informing users their personal data may have been compromised. The company was alerted to a possible security breach last week that involved over 8 million accounts, it said on Friday. The breach took place a few years ago and includes email addresses, usernames and encrypted passwords. Click to read entire article.

NON PROFIT
Data breach at Arden Hills-based Catholic financial services provider affects nearly 130K accounts

A data breach at an Arden Hills-based financial services company serving Catholic Church members in the upper Midwest has affected nearly 130,000 current and former members. The unidentified hacker accessed the first and last names, mailing addresses, dates of birth, email addresses, insurance policy information, and Social Security numbers of members. Beneficiary information, log-in credentials and other information were not accessed. Click to read entire article.

K-12 EDUCATION
Corner Brook Regional High confirms alleged computer system breach, but provides no details

There are few details available about an apparent computer hack at Corner Brook Regional High School earlier this week. Upon looking into reports there had been some sort of security compromise involving a computer system at the school Wednesday, principal Vaughn Granter did confirm Thursday for the The Western Star that there was an incident. Click to read entire article.

DIRECTORS & OFFICERS (D&O) LIABILITY
Hurricanes, data breach bite into Chipotle earnings

Chipotle shares crumbled in after-hours trading on Tuesday after the fast-casual burrito chain’s earnings badly missed expectations, a shortfall that the company blamed on fallout from a data breach and a pair of hurricanes that pummeled southeastern US states. Click to read entire article.

PUBLIC ENTITY
Georgia blocks $100 million in fraudulent tax returns, so far, in 2017

Despite major data breaches such as the one at Equifax, tax agencies — including the Georgia Department of Revenue — are reporting increasing success in the war to stop fraudulent returns from turning into big money for crooks. Department of Revenue Commissioner Lynne Riley said the state has blocked $108 million worth of fraudulent returns so far this year. Click to read entire article.

BUSINESS INTERRUPTION RISK
The Reaper IoT Botnet Has Already Infected a Million Networks

The Mirai botnet, a collection of hijacked gadgets whose cyberattack made much of the internet inaccessible in parts of the US and beyond a year ago, previewed a dreary future of zombie connected-device armies run amuck. But in some ways, Mirai was relatively simple—especially compared to a new botnet that’s brewing. The latest botnet threat, known as alternately as IoT Troop or Reaper, has evolved that strategy, using actual software-hacking techniques to break into devices instead. It’s the difference between checking for open doors and actively picking locks—and it’s already enveloped devices on a million networks and counting. Click to read entire article.

EUROPE / UK
UK companies keep close eye on Morrisons data leak case

Supermarket chain faces suit after workers’ details were posted on the internet
A landmark High Court trial of a case by Wm Morrison workers over a huge leak of personal data by a former employee will begin this week.The lawsuit was brought by 5,500 current and former Morrisons workers. They are seeking compensation over the 2014 data security breach in which payroll information of almost 100,000 staff was posted on the internet. Click to read entire article.

SOUTH AFRICA
Millions caught in South Africa’s ‘worst data breach’

Authorities in South Africa are investigating a data breach which has seen the personal details of more than 30 million citizens leaked on the internet – placing them at risk of identity theft. Click to read entire article.

ASIA/PACIFIC
Taiwanese bank tracing lost funds after hacker attacks

Police in Taiwan are taking measures to help a local bank trace lost funds due to hacker attacks, which might reduce the bank’s losses to less than 500,000 U.S. dollars. The Far Eastern International Bank reported its system was hacked earlier this week, with implanted malware affecting some of its personal computers, servers and the Society for Worldwide Interbank Financial Telecommunication’s network. Click to read entire article.

Regards,
Mark Greisiger
NetDiligence®
Cyber Risk Readiness & Response