We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. France slaps Google with a huge fine, more than 140 airlines affected by a third-party breach, more 24 million financial documents exposed by a third-party breach, settlements in the Neiman Marcus, Sonic, and Arby’s breaches – and more! Don’t miss the items below in ORANGE.

GDPR
With a $57 million fine against Google, France kicks off the post-GDPR era

France’s data-privacy watchdog, known as the CNIL, slapped Google with a €50 million ($56.8 million) fine on Monday (Jan. 21), claiming the US tech giant was in breach of Europe’s new General Data Protection Regulation (GDPR), which was designed to protect consumers’ rights to privacy and anonymity when it comes to the data they share with businesses. Click to read entire article.

MANUFACTURING
OXO International discloses data breach, customer data over two years impacted

The New York-based manufacturer of homeware, office supplies, and kitchen utensils filed a data breach advisory with the California Attorney General’s Office, and a letter drawn up for customers indicates that the data breach occurred between June 2017 and October 2018. Click to read entire article.

AIRLINES
Over 140 International Airlines Affected by Major Security Breach

Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system found by Safety Detective’s Noam Rotem. Currently, the Amadeus ticket booking system is being used by 141 international airlines which gives it control over 44% of the global online reservation market, with United Airlines, Lufthansa, and Air Canada being some of its clients. Click to read entire article.

K-12 EDUCATION
San Diego District Breach Derails Data of More than 500,000

In late December, families in the San Diego Unified School District were notified of a data breach launched through successful phishing emails. The number of affected people totaled more than 500,000, according to the district. Click to read entire article.

GAMING
Epic patches Fortnite security hack that may have exposed more than 200 million players’ data

With a ship big enough to hold millions of people, there’s bound to be a few pirates. According to a report by cybersecurity firm Check Point, a security flaw in Fortnite’s platform may have exposed the credit card data, personal information, and even voice chat audio of the game’s entire player base, which totals more than 200 million people. Click to read entire article.

HEALTHCARE
Victim Count in Alaska Health Department Breach Soars
2018 Breach Report Said 501 Affected, But Now Up to 700,000 Being Notified

The Alaska Department of Health and Social Services, which reported the breach, has a rocky security record. For example, back in 2012, it was fined $1.7 million as part of a HIPAA settlement for a breach reported in 2009 involving the theft of an unencrypted USB drive potentially containing Medicaid beneficiaries’ health information. Click to read entire article.

Valley Hope Association investigation reveals potential unauthorized access to patient data

The Valley Hope Association, a drug and alcohol addiction treatment organization with 16 facilities in seven states, has notified patients about a data security breach that may have potentially exposed patient data to unauthorized access. Click to read entire article.

Breach exposes some Michigan patients’ personal information

Officials say a security breach at a Michigan provider of HIV/AIDS care services and substance abuse treatment has compromised some patients’ personal and medical information. Sacred Heart Rehabilitation Center says a “limited number of patients” were notified about the breach linked to a phishing scheme that affected an employee’s email account last April. The organization says affected information included Social Security numbers, full names and addresses. Click to read entire article.

Data breach affects 15,000 medicare customers of Blue Cross Blue Shield of Michigan

Around 15,000 Medicare advantage members of Blue Cross Blue Shield of Michigan might have affected by a potential data breach. The healthcare and health insurance provider stated that the theft of its employee’s laptop on October 26, 2018, may have compromised the customers’ personal information. Click to read entire article.

FINANCIAL SERVICES
Cyberattack on SEC Holds Warnings for All Organizations About Data Theft

The U.S. Securities and Exchange Commission, which recently levied millions of dollars in fines against major corporations last year for allegedly allowing data theft by cyber attackers, has found itself similarly victimized by an international insider trading ring, according to a federal civil complaint and grand jury indictment. Click to read entire article.

Millions of bank loan and mortgage documents have leaked online

A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse. … With help from TechCrunch, the leak was traced back to Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas. Click to read entire article.

PUBLIC ENTITY
Foster children’s data exposed by Franklin County Children Services error

Foster children’s data exposed by Franklin County Children Services error
Letters containing identifying information about Franklin County foster children, including their Social Security numbers, were mailed to the wrong foster parents and family caregivers, Franklin County Children Services said Tuesday. Click to read entire article.

Six years after massive S.C. data breach, credit monitoring still vital

Six years after the largest data breach in South Carolina history left more than 6 million personal and business tax filers’ data exposed, the state still isn’t as prepared as it should be for future cyberattacks. Click to read entire article.

CLOUD
Data breach following vulnerabilities in RupeeReedee’s data stack on Amazon

RupeeRedee’s director, Jitin Bhasin released this statement after vulnerabilities in RuppeeRede’s Amazon cloud resulted in the breach of customers’ data. Data leaked include scans of customers’ Pan cards and unique ID numbers. Click to read entire article.

RETAIL
Texas, other states reach $1.5 million settlement with Neiman Marcus over data breach

Texas Attorney General Ken Paxton has reached a $1.5 million settlement with Dallas-based retailer Neiman Marcus resolving a data breach investigation that started in 2014. Click to read entire article.

Class action settlement reached in Sonic data breach case

Less than two years after a data breach affected customers of a local fast-food chain, a settlement has been reached and some customers might be eligible for a cash payment. Click to read entire article.

Warby Parker Cyberattack Affects 198K Accounts

Online glasses retailer Warby Parker was hit by a cybersecurity attack that affected about 198,000 of its customers from late September to late November, according to reports. Click to read entire article.

Arby’s Data Breach Class Action Settlement

Plaintiffs have secured a $2 million settlement in a class action lawsuit over an alleged Arby’s data breach. Click to read entire article.

CANADA
BigLaw associate was duped into transferring over $2.5M to fraudster’s account, decision reveals

An associate at Dentons Canada was duped into transferring more than $2.5 million into a fraudster’s account, according to an opinion by an Ontario judge in an insurance coverage dispute. Click to read entire article.

ASIA
772 million email IDs outed in what could be largest data breach ever?

In what could be the biggest data breach in recent times, over 772 million email addresses and 22 million unique passwords have been outed in a collection of files uploaded to cloud service MEGA. Click to read entire article.

900,000 customers at risk after Cebuana Lhuillier data breach

Diversified financial services firm Cebuana Lhuillier, known nationwide [India] for its remittance services, suffered a nationwide data breach that puts at risk all the personal data of the company’s 900,000 customers. Click to read entire article.

Firms fined $1M for SingHealth data security breach

SingHealth and Singapore’s public healthcare sector IT agency IHIS have been slapped with S$250,000 and S$750,000 financial penalties, respectively, for the July 2018 cybersecurity attack that breached the country’s personal data protection act. The fines are the highest dished out to date. Click to read entire article.