We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting the growing menace of ransomware, big breaches in retail and social media, a new study from AppRiver on the cost of data breaches for SMEs, and alleged failures of corporate executives to handle breaches responsibly. Don’t miss the items in ORANGE below.

RANSOMWARE
—NO PAY, RESTORE FROM BACKUP—
Ransomware demanded $5.3M from Massachusetts city in July attack

The hackers behind the Ryuk ransomware that’s extorted several local governments across the United States for six-figure payments this year might have gotten a bit too hungry in July when they went after New Bedford, Massachusetts, for more than $5 million, but came away empty-handed when the city elected to restore its systems internally. Click to read entire article.

Radio giant Entercom hacked for $500,000 ransom, reports say

Entercom Communications Corp., the owner of KYW, WIP, WOGL, B101, and other Philadelphia stations, was hacked over the weekend, freezing its emails and causing computer systems to crash, according to published reports and sources. Click to read entire article.

—2ND ATTACK IN A YEAR!—
Wolcott Public Schools go offline once again following a possible second ransomware attack

Wolcott police are investigating a cyber attack that has left teachers and students without access to the district’s computer systems, including internet and email, for the second time this year. Click to read entire article.

Police investigate attempted Sherman School data breach

State Police are investigating the discovery of ransomware on Sherman School computer servers last month. “We discovered that our system was infected with a virus that affected our ability to access our files,” Melendez said. “We immediately began to investigate with the assistance of a third-party forensic investigator to determine the nature and scope of the incident, and to assist with the remediation.” Click to read entire article.

RETAIL
DoorDash suffered a data breach that affected 4.9 million people

DoorDash confirmed it suffered a data breach affecting roughly 4.9 million delivery people and merchants. …DoorDash said it noticed unusual activity from a third-party service provider earlier in September. Click to read entire article.

—LAWSUIT ALERT—
New York AG Sues Dunkin’ for ‘Glazing’ Over Cyberattacks Targeting Thousands of Customers

AG Letitia James alleges that in one instance hackers accessed more than 300,000 customer accounts in 2018, but the company failed to properly disclose they were accessed without authorization. Click to read entire article.

PUBLIC ENTITIES
—OPERATIONAL DISRUPTION/OUTAGE—
City of Robstown still working to recover evidence lost in ransomware attack

The City of Robstown is still working to recover important evidence lost in a data breach including a number of police photographs and videos from cases dating back from 2018 through this year. Click to read entire article.

HEALTHCARE
—VENDOR CAUSED—
114,000 customers alerted by Wisconsin Diagnostic Laboratories about data breach

Wisconsin Diagnostic Laboratories becomes another victim to notify their patients about the data breach caused as a result of the AMCA (American Medical Collection Agency) incident. The other victims of the AMCA breach included Quest Diagnostics, Clinical Pathology Laboratories, LabCorp, American Esoteric Laboratories, as well as others, totaling 23 affected covered entities and almost 25 million patient records. Click to read entire article.

Providence Health Plan notifying 122K members of 3rd-party data breach

Providence Health Plan is notifying about 122,000 members that their personal information may have been exposed in a security breach at the program’s dental plan administrator, Virginia-based Dominion National. Click to read entire article.

AUTOMOTIVE/AIRLINES
—WIRE FRAUD—
Toyota Subsidiary Loses $37 Million Due to BEC Scam

A European subsidiary of the company, Toyota Boshoku Corporation, was targeted by hackers as part of a business email compromise (BEC) scam. Total financial losses from the BEC scam are reportedly close to $37 million. …“It’s reasonable to assume that Toyota’s global infrastructure has been compromised to some extent. There is a multiplier effect at work with successful hacks – each one opens up numerous new opportunities to steal money, IP, data or identities.” Click to read entire article.

Data Breach Leaks 198M Car Buyers’ Personal Data

The unsecured database held 198 million records, including names, email addresses, phone numbers, street addresses and “other sensitive or identifiable information exposed to the public internet in plain text…” Click to read entire article.

—SETTLEMENT ALERT—
British Airways data hack victims ‘could get up to £16,000 compensation’ as airline launches its own class action lawsuit

HALF A MILLION British Airways data hack victims could be in line for pay-outs as the airline launches its own class action lawsuit. Click to read entire article.

Delta Airlines Sues Vendor for Data Breach

According to the Complaint, on March 28, 2018, Delta was notified by [24]7.ai that a security incident had potentially compromised personally identifying information and payment card data of up to 825,000 of Delta’s customers. Click to read entire article.

SOCIAL MEDIA
Facebook accidentally leaks phone numbers of 419 million users

The phone numbers of hundreds of millions of Facebook users have been discovered online in the latest major data breach for the social network. A security researcher found 419 million records on an unsecured server, meaning no password was needed to access them. Click to read entire article.

EMPLOYMENT SEARCH
How Much Responsibility Should Monster.com Take for Third Party Data Breach?

Leading employment search site Monster.com appears to have been the source of thousands of exposed resumes discovered in a third party data breach last week. While the breach did not contain financial information, the United States-based company has been adamant that it does not have any responsibility to notify end users when a business partner is breached – an attitude that is at odds with privacy regulations in much of the rest of the world, and may have run Monster.com afoul of some state laws. Click to read entire article.

D&O LIABILITY
FedEx Brass Downplayed Cyberattack, Shed Stock, Suit Says

A shareholder derivative suit filed Wednesday in Delaware federal court claims that FedEx Corp. misled investors by downplaying the impact of the massive 2017 cyberattack known as “NotPetya” on its European subsidiary while executives shed company stock. Click to read entire article.

BUSINESS INTERRUPTION (DDoS)
WoW Classic Down AGAIN: Blizzard server status offline following new DDoS attack

Whether it’s another DDoS attack isn’t clear, but fans are beginning to get frustrated and demanding refunds from Blizzard themselves. Click to read entire article.

CYBER RISK STUDIES
SMBs Severely Underestimate Data Breach Costs

$149,000: the average cost of a data breach for a small-to-medium-sized business, according to AppRiver. Click to read entire article.

CANADA
—CLASS ACTION ALERT—
N.W.T. faces lawsuit over health data breach that could affect all residents

The Northwest Territories is facing a lawsuit over a stolen laptop containing medical files that could include information on every resident in the territory. The files were not encrypted and contained data on all kinds of physical and mental-health services to anyone who sought care in the territory, including visitors. Click to read entire article.

UK/EUROPE
—CLASS ACTION ALERT—
Lawsuit Alleges Publisher Breach Affected 1M Students

Pearson, a British-owned education publishing company, is at the center of a lawsuit filed by an Illinois woman and her daughter over the handling of a data breach involving student personal information. Click to read entire article.

Woodstock city, police victims of ransomware-like cyber attack

The City of Woodstock and the Woodstock Police Service are both suffering from cyber attacks. Woodstock’s top administrator, David Creery, confirmed the city had a network breach early Saturday morning around 4 a.m. when a virus entered its computer system preventing access to city email and data networks. Click to read entire article.

AFRICA
DDoS attacks can wipe South African ISPs off the Internet

Fibre Internet service provider Cool Ideas has been beleaguered by distributed denial of service attacks (DDoS) over the past few weeks. This has severely degraded performance on its network, even causing an hours-long outage. Click to read entire article.

ASIA/PACIFIC
Losing over Rs 5000: Indian Company’s Data is Hacked or Stolen

…India ranks 15 in the world with respect to the total cost of data breaches. Around 51% of them are due to the malicious attacks, within which 27% are due to glitches in the system and 22% are due to human error. Click to read entire article.