We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting massive data breaches, class action lawsuits and settlements, ransomware attacks, theft of IP/trade secrets, theft of payroll money, and more! Don’t miss the items below in ORANGE.

BUSINESS INTERRUPTION
Arizona Beverages knocked offline by Ransomware Attack

Arizona Beverages, one of the largest beverage suppliers in the U.S., is recovering after a massive ransomware attack last month, TechCrunch has learned. The company is still rebuilding its network almost two weeks after the attack hit, wiping hundreds of Windows computers and servers and effectively shutting down sales operations for days until incident response was called in, according to a person familiar with the matter. More than 200 servers and networked computers displayed the same message: “Your network was hacked and encrypted.” The company’s name was in the ransom note, indicating a targeted attack. Click to read entire article.

HEALTHCARE
—CLASS ACTION SETTLEMENT ALERT—
Health IT Roundup—UCLA Health reaches $7.5M settlement over 2015 data breach

UCLA Health reached a proposed settlement for a class action lawsuit stemming from a massive data breach in May 2015 that impacted 4.5 million patients. Click to read entire article.

—LAWSUIT ALERT—
Patients Sue UConn Health over Data Breach Caused by Phishing Attack

A class-action lawsuit has been filed against UConn Health, over its reported phishing attack that potentially breached the data of 326,000 patients. Click to read entire article.

Navicent Health Data Breach Exposes Patient’s Personal Info

This breach has exposed the personal information of 270,000 patients, with some social security numbers being disclosed. Click to read entire article.

Data Breach impacted more than 4700 patients of Mary Free Bed Rehabilitation Hospital

Mary Free Bed Rehabilitation Hospital of Grand Rapids City, Michigan, has announced that more than 4,700 patients have had few of its Protected Health Information (PHI) exposed due to the ransomware attack on Wolverine Solutions Group (WSG), their billing services provider based in Detroit. Click to read entire article.

St. Francis Physician Services alerts 32,000 patients of data breach at former hospital

A security breach at Greenville, S.C.-based St. Francis Physician Services’ former medical center may have compromised data from more than 32,000 patients, HIPAA Journal reports. Affected patient records from Greenville-based Milestone Family Medicine, a medical center previously affiliated with SFPS, include information such as names, addresses, health insurance information, Social Security numbers and dates of birth. Click to read entire article.

TECHNOLOGY
Emails of nearly 1 billion people leaked in massive data breach

The emails of nearly 1 billion people were leaked in what experts say is likely the biggest data breach of all time, according to reports. At least 982 million users’ personal information was exposed during the tech firm Verifications.io’s massive privacy breach late last month, according to Unilad.co.uk. Click to read entire article.

RETAIL
Restaurant data breach impacts more than 2 million people

The owner of Planet Hollywood and Buca di Beppo restaurants is warning customers about a data breach that lasted 10 months. Earl Enterprises, the owner of Planet Hollywood and several other chains, says it has now resolved the issue after identifying malware installed on point-of-sale systems used at its restaurants. Click to read entire article.

IP / TRADE SECRETS
ASML says it suffered intellectual property theft, rejects ‘Chinese’ label

Dutch ASML said on Thursday it had been the victim of corporate espionage in 2015 involving employees from countries including China but said it had not been the target of any “national conspiracy”. ASML said the perpetrators took “large files” on memory sticks from its Silicon Valley software subsidiary that develops software for machine optimization. Click to read entire article.

PUBLIC ENTITY
Cyberattack diverts almost $500,000 out of city of Tallahassee payroll account

Nearly half a million dollars was diverted out of the city of Tallahassee’s employee payroll this week after a suspected foreign cyberattack of the city’s human resources management application. Click to read entire article.

2 Million Emails of 350K+ Clients Possibly Exposed in Oregon DHS Data Breach

The Oregon Department of Human Services (DHS) announced that roughly 2 million emails with Protected Health Information (PHI) from more than 350,000 customers have been potentially exposed after 9 employee mailboxes were compromised in a spear phishing attack. Click to read entire article.

State computer hackers threaten thousands of Minnesotans’ data

Computer hackers have gained access to thousands of Minnesotans’ data stored in state computers during the past year, including 35,000 people who deal with the Department of Human Services. Click to read entire article.

AUTOMOTIVE
New Toyota Data Breach Exposes Personal Information of 3.1 Million Customers

Over the past six months, Toyota Motor Corporation has been the victim of a series of data breaches in Australia, Thailand, Vietnam and Japan. The latest data breach in Japan is the most serious in nature, impacting the personal information of as many as 3.1 million customers. Click to read entire article.

HIGHER EDUCATION
Data breach exposes up to 1.3M Georgia Tech faculty, students

The school disclosed the breach, its second in less than a year, on Tuesday, saying it feared the exposed information included names, addresses, social security numbers and birth dates. Tech spokesman John Toon said officials at the school, which typically has around 30,000 students enrolled, learned in “late March” that a central database had been accessed by an unknown outside entity. Click to read entire article.

WSU to pay up to $4.7M for data theft involving 1.2M people

Washington State University has agreed to pay up to $4.7 million to settle a lawsuit that came after a hard drive containing the personal information of more than a million people was stolen from a self-storage locker in 2017. Click to read entire article.

UTILITIES
Winnsboro utility billing system attacked by malware

Officials with Franklin Parish Sheriff’s office and the FBI are investigating a security breach of Winnsboro’s utility billing system Jan. 15, said Winnsboro Mayor Sonny Dumas. Several $1,000 were electronically transferred out of the utility billing account over a five-day period. Click to read entire article.

EUROPE / UK
HACK ALERT More than a million Asus laptops have been hacked – how to check if you’re affected

HACKERS have hijacked Asus laptop software and potentially installed malware on over a million computers. Click to read entire article.

Police Federation Confirms Ransomware Breach

The Police Federation of England and Wales (PFEW) has confirmed that it has suffered a ransomware attack, but has said that it was not specifically targetted and was likely to have been impacted as part of a wider campaign. Click to read entire article.

$6.5 Million Class-Action Suit Over Ticketmaster Data Breach Filed

A law firm in the UK has launched a $6.5 million lawsuit against Ticketmaster over the massive data breach that took place in the summer of 2018, according to multiple media outlets. Click to read entire article.

ASIA PACIFIC
Symantec blames espionage group for SingHealth breach

Symantec researchers have discovered a new cyber espionage group dubbed Whitefly, which the vendor believes is responsible for a string of cyber attacks targeting Singapore-based organisations, including the highly publicised SingHealth data breach. Click to read entire article.

Cyber pirates hit SA/NT MS Society, demand for ransom refused

The marauders used online grappling hooks to breach the system and take the charity’s computer system hostage then demanded payment – but the Society refused to bow to the infiltrators after immediately locking down its system. Click to read entire article.