We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting cloud risk, a new IBM study on the cost of a data breach, cybercrime against public entities, big penalties from the UK’s ICO, along with the usual suspects – hackers, malware and ransomware. Don’t miss the items in ORANGE below.

TECH / CLOUD
Aavgo security lapse exposed hotel bookings

A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information. …Several large hotel chains, including Holiday Inn Express and Zenique Hotels, use Aavgo’s technology in their properties. Click to read entire article.

iNSYNQ CEO Asked Clients For Patience Following Ransomware Attack

A cloud-based provider of virtual desktop environments is trying to rebuild its network, as the company experienced a major outage earlier this month following a ransomware attack. iNSYNQ, a cloud virtual desktop service provider, said that they made “quite a bit of progress” to restore the desktops that have been down for almost ten days already. Click to read entire article.

—CLASS ACTION ALERT—
GitHub faces class-action lawsuit over role in Capital One breach

Plaintiffs claim firm violated the federal Wiretap Act
The plaintiffs claim Capital One and GitHub failed to protect customers’ personal information and said that both companies need to be held responsible for their role in the data breach. They also accuse the source-code hosting website of being involved in actively encouraging “(at least) friendly hacking”. Click to read entire article.

TELECOM
Sprint customer accounts breached by hackers

Sprint has confirmed a data breach, telling customers that hackers broke into their accounts through a Samsung website. The number of customer accounts breached isn’t yet known… Click to read entire article.

FINANCIAL SERVICES
—CLASS ACTION ALERT—
Capital One breach could affect 106 million

Capital One Financial Corp., one of the nation’s largest issuers of credit cards, said among the information obtained by the hacker was 140,000 Social Security numbers and 80,000 bank account numbers. It said no credit card account numbers or log-in credentials were compromised. Click to read entire article. Related: Capital One Hit With Class-Action Lawsuit Following Massive Data Breach

CYBER RISK STUDIES
IBM: Average data breach costs U.S. companies $8.19M

The 2019 report on the costs of data breaches was sponsored by IBM Security and researched by the Ponemon Institute in Traverse City, Michigan. Ponemon reached out to 507 companies around the world that sustained data breaches between July 2018 and April 2019 and conducted 3,211 separate interviews. Click to read entire article.

PUBLIC ENTITIES
City computers breached, data potentially stolen from 20,000 LAPD applicants

The cyberattack highlights the vulnerability of government computer systems, with the city of Los Angeles subjected to billions of hacking attempts in the last five years, according to Ted Ross, general manager of the city’s Information Technology Agency. Click to read entire article.

Louisiana’s governor declares an emergency after cyberattacks on several school systems

The governor issued a statewide emergency declaration Wednesday after the security breach was discovered in several school systems throughout the state, his office said. The declaration — the state’s first cybersecurity emergency activation — allows multiple resources to be devoted to the probe. Click to read entire article.

3rd Florida Cyberattack: Village of Key Biscayne Reports Data Breach

Key Biscayne, Florida data breach is third cybersecurity incident reported by a Florida municipality in June 2019 — joining Riviera Beach & Lake City. Click to read entire article.

Philadelphia court system website back online after six-week shutdown

After six weeks of controversy and confusion, the virus-related shutdown of the Philadelphia court system’s website is over and the remaining features of electronic filing and docket searching have been restored. Click to read entire article.

Naples $700K spear phishing attack: ‘No data breach occurred’

A scammer posing as Wright Construction Group, the company the city is working with for the 8th Street South renovation project, filed a change of bank account request on June 24. That bank account was changed and an employee deposited $700,000 into the fake bank account on July 11. The city realized the attack had occurred on August 1 when Wright Construction Group followed up with the city for their payout. Click to read entire article.

Maryland Department of Labor database breached

The Maryland Department of Labor on Friday began notifying 78,000 customers about potential unauthorized activity on two of its database systems. Click to read entire article.

RETAIL
Data breach: 23 million user records hacked and shared online

T-shirt seller CafePress has asked its customers to reset their passwords as part of an updated “password policy.” But the email request came after it was reported that the data of 23.2 million people had been exposed following a system hack in February. Click to read entire article.

HEALTHCARE
—SETTLEMENT ALERT—
Minnesota part of another multi-state data breach settlement

Premera Blue Cross will pay $10 million and take new steps to keep customers’ information safe under a settlement with 30 states. Between May 2014 and March 2015 the personal data of 38,000 Minnesotans was exposed to hackers. Click to read entire article.

Phishing Attack on California Vendor Breaches Data of 14,500 Patients

An employee of vendor California Reimbursement Enterprises fell victim to a phishing attack in March, which potentially breached the data of 14,500 patients, including those from Los Angeles County DHS. Click to read entire article.

13,000 Patients of Maine Provider Among AMCA Data Breach Victims

Maine’s Penobscot Community Health Center reports 13,000 patients were impacted by the billing services vendor AMCA data breach, which claimed victims from Quest, LabCorp, and BioReference. Click to read entire article.

AIRLINES
—LAWSUIT ALERT—
Delta Sues Software Provider Over Data Breach

Delta Airlines sued its customer service chat provider in New York federal court Thursday, accusing it of lax digital security practices that allowed a hacker to steal the personal information of more than 800,000 people. Click to read entire article.

GDPR
British Airways faces £183m GDPR fine over last year’s security breach

British Airways is facing a record fine of £183m for last year’s breach of its security systems.
The airline, owned by IAG, says it is “surprised and disappointed” by the penalty from the Information Commissioner’s Office (ICO). At the time, BA said hackers had carried out a “sophisticated, malicious criminal attack” on its website. The ICO said it was the biggest penalty it had handed out and the first to be made public under new rules. Click to read entire article.

AFRICA
Johannesburg Utility Recovering After Ransomware Attack

Incident Plunges Parts of South Africa City Into Dark
Portions of the South Africa capital of Johannesburg were left in the dark for a part of Thursday, after an unknown ransomware variant knocked out the local electrical utility’s network, databases and applications… Click to read entire article.

UK / EUROPE
Football Association of Ireland suffered from a security breach of their payroll systems

Football Association of Ireland (FAI) confirmed that they have suffered from a security breach of their payroll systems. This security breach was discovered last month (i.e. in June 2019). Click to read entire article.

UK watchdog proposes to fine Marriott £99.2 million for data breach

Marriott International said on Tuesday the UK Information Commissioner’s Office (ICO) had proposed to fine the hotel chain 99.2 million pounds (US$124 million) due to a massive data breach in its Starwood hotels reservation system. Click to read entire article.

Digital Bank Monzo Admits to Data Breach

Monzo, a UK digital bank, admits to a data breach that affects more than 500,000 customers. Click to read entire article.

ASIA / PACIFIC
NAB breach exposes data of 13,000 customers

The National Australia Bank spent the weekend contacting customers about a data breach which exposed the personal information of 13,000 customers. The bank uploaded the personal information of some of its new customers to insecure servers of two third party providers without authorisation. Click to read entire article.

India’s Jana Bank Left KYC Customer Data Exposed

A so-called “small finance” bank in India has reportedly left sensitive data on 2.6 million of its customers exposed without password protection, according to Security Discovery reports this week. Click to read entire article.

Sephora data breach hits Southeast Asia and ANZ customers

Some personal information such as first and last name, date of birth, gender, email address, and encrypted password, as well as data related to beauty preferences may have been exposed. Click to read entire article.