We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. 2018 ended with a bang: massive data breaches affecting multi-millions of people, lawsuits – class actions amd state AGs, a legal ruling in Pennsylvania that could open the floodgate to “hundreds of thousands of lawsuits,” the staggering number of data breaches reported since GDPR, and more. Also, don’t miss the items below in ORANGE.

HEALTHCARE
Atrium Health data breach exposed 2.65 million patient records

The security incident also exposed an estimated 700,000 Social Security numbers.
Between September 22 and September 29, an unauthorized threat actor was able to gain access to databases containing the records, which included names, home addresses, dates of birth, insurance policy information, service dates, medical record numbers, and account balances. Click to read entire article.

12 AGs sue medical records company for HIPAA data breach

The civil suit was filed Tuesday in the U.S. District Court for the Northern District of Indiana against a Fort Wayne company, Medical Informatics Engineering Inc., over a 2015 data breach during which hackers accessed the personal patient information of more than 3.9 million individuals stored in an electronic medical records database for dozens of institutions. Click to read entire article.

LifeBridge Health faces class-action lawsuit stemming from massive cyberbreach in 2016

Law firm Murphy, Falcon & Murphy has filed a statewide class action lawsuit against Baltimore provider LifeBridge Health on behalf of more than 530,000 consumers whose personal information including Social Security numbers, birth dates, names, addresses, health insurance information, client treatment information, and medical diagnoses were stolen. Click to read entire article.

The 15 largest health data breaches of 2018

This past year, healthcare organizations were hit by rising challenges to data security. A variety of industry companies were victimized and reported significant numbers of records put at risk by hackers. Here are the 15 largest breaches covered by Health Data Management this year. Click to read entire article.

Data Breach Could Impact 47K Patients Treated At North Texas Hospital

Baylor Scott & White Medical Center – Frisco is warning patients about a credit card data breach that could impact approximately 47,000 patients or guarantors. The hospital said it discovered the breach on September 29. Click to read entire article.

Cyber criminals target cancer patients in possible medical data breach

“Regrettably, we’ve learned that Jobscience, Inc., the vendor which we’ve used for online employment application services since 2006, had a data breach which may have involved information from individuals who applied for jobs at Huntsville Hospital. Because of this, notification letters are being sent to the affected persons. Click to read entire article.

MEDIA
Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S.

What first arose as a server outage was identified Saturday as a malware attack, which appears to have originated from outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country. Click to read entire article.

SOCIAL MEDIA
Google+ continues to sink with a second massive data breach. Abandon ship now

Google had planned to close the Google+ social network in August 2019, but the date can’t come quickly enough: A second massive data breach was just revealed, only a few months after the previous. In a blog post by the Mountain View, California-based company, Google notes that the most recent breach has affected over 52.5 million users worldwideClick to read entire article.

HOSPITALITY
Marriott Announces Massive Data Breach

On November 30, Marriott announced that it experienced a massive data breach affecting 500 million customers over a four-year span. By the next business day after its announcement, Marriott faced at least a dozen putative class action lawsuits and at least two regulatory investigations. Click to read entire article.

Marriott Sued for $12.5 Billion Over Massive Data Breach

Marriott is having a bad day that was just made over 12 billion times worse after a class action lawsuit was filed for what attorneys are classifying as a “digital infestation.” Click to read entire article.

PUBLIC ENTITY
Wright County alerting residents of data breach involving county employee

Taking work home with you sounds like something a hardworking employee would do, unless that work includes private, sensitive data like it did with one employee in Wright County. The county knew about the data breach for seven months before notifying possible victims. … In December 2016, one of those employees, a senior developer in the IT department, copied a database full of sensitive personal information onto a USB drive. Click to read entire article.

900+ residents’ information compromised in Town of Christiansburg data security breach

The scam targeted email accounts of three town employees which contained personally identifiable information from some members of the public, the town said in a news release. There is no evidence that any of the information has been misused. Click to read entire article.

Hackers attack Seneca’s computer systems; customers warned of breach

The City of Seneca warns people who do business with the City that their banking information may have been compromised following an attack on its computer system. Click to read entire article.

HIGHER EDUCATION
Data Breach at Cape Cod Community College

[S]everal computers in the Nickerson Administration Building on the Cape Cod Community College Campus were attacked by a phishing scheme containing sophisticated, malicious malware designed to evade common antivirus software. As a result of this attack, College banking information was compromised and $807,130 was fraudulently transferred. Click to read entire article.

TECHNOLOGY
Quora Discloses Data Breach

The crowdsourced question-and-answer site said 100 million users were affected.
Quora announced Monday night a “malicious third party” gained access to one of its computer systems, potentially exposing the account data, including private messages, of about 100 million users. … Quora is headquartered in Mountain View, California, but the company operates in EU countries, making it subject to 72-hour public disclosure window required under Europe’s new data protection regulations. Click to read entire article.

RETAIL
Caribou Coffee notifies customers of data breach

Retailer said 265 stores were tied to monthslong theft of customer data.
The company declined to say how many people were affected. In a notice posted on its website and sent to media organizations, Caribou Coffee listed 265 company-owned stores that were tied into the point-of-sale system that was attacked. Click to read entire article.

Dunkin’ warns customers of data breach

An external security vendor informed the coffee chain that on October 31, 2018, third-parties obtained usernames and passwords through external companies’ security breaches and attempted to log into some DD Perks accounts, the company said. Click to read entire article.

BeatStars discloses security breach in Twitter live stream

BeatStars, a marketplace for selling music production beats, has disclosed a security breach today. In a Periscope live stream shared on Twitter, Abe Batshon, BeatStars CEO revealed that the mysterious cause of the site’s downtime on Monday was an unauthorized access of its servers. Click to read entire article.

CYBER RISK LEGAL RULINGS
Penn. High Court Rules Employer Has Duty to Safeguard Employees’ Personal Info

The Trial Court also explained that “hundreds of thousands of lawsuits” could result from the employees’ proposed solution of creating a private negligence cause of action to recover actual damages, which would overwhelm the judicial system and require entities to expend substantial resources in defending against those actions. Click to read entire article.

UK / EU
GDPR: 8,000 Data Breach Reports Filed So Far in UK

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began
The U.K.’s privacy watchdog says that six months after enforcement of the EU’s General Data Protection Regulation began, it’s seen a dramatic increase in the number of data breach reports. Click to read entire article.

Uber Fined $1.7M Over 2016 Data Breach And Cover-Up

The UK and the Netherlands want compensation.
Uber has been fined $1.7M by data protection regulators in the UK and Netherlands. The close to $2 million judgement comes two years after the 2016 data breach and subsequent cover-up that affected 57 million people worldwide. Click to read entire article.