We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Healthcare Ransomware Attack Targets Practice Management Vendor, British Airways settles with 2018 data breach victims, LimeVPN Backup Database Hacked, and more.
Ransomware Corner
Up to 1,500 businesses affected by ransomware attack, U.S. firm’s CEO says
Between 800 and 1,500 businesses around the world have been affected by a ransomware attack centered on U.S. information technology firm Kaseya, its chief executive said on Monday. The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters. Click to read entire article.
Healthcare Ransomware Attack Targets Practice Management Vendor
Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII. Click to read entire article.
Why A Trucking Company Called A Lawyer Minutes After A Ransomware Attack
Earlier this year, Carrie Palmer got a panicked phone call from a client. The trucking company had gotten hit by a ransomware attack minutes earlier, and it wanted the South Carolina-based lawyer’s guidance on what its next steps should be. Click to read entire article.
NYDFS
New York Department of Financial Services Announces a $1.8 Million Settlement with Two Life Insurers for Data Breach Violations
The NYDFS conducted an investigation and determined that the two life insurers (the “Companies”) had been the subject of two phishing attacks in 2018 and 2019, which compromised the email accounts of several of the Companies’ employees, with access to a significant amount of sensitive and personal data of their customers. Click to read entire article.
Social Media
LinkedIn data breach exposes info of 700M users
Data stolen from a popular online employment service as well as a massive ransomware attack this holiday weekend has security experts warning people your personal information is at risk – and you need to protect yourself. Click to read entire article.
Healthcare
Dominion National reaches $2M settlement over nine-year data breach
Insurance giant Dominion National reached a $2 million settlement with the 2.9 million patients affected by its nine-year data breach, first reported in 2019. The security incident was the second-largest breach reported to the Department of Health and Human Services that year. Click to read entire article.
Kroger to pay $5M to settle Accellion breach after 1.4 million pharmacy patients exposed
Kroger has agreed to pay to settle claims related to the data breach on file transfer vendor Accellion, according to June 30 California federal court documents. Click to read entire article.
Public Entity
After contact tracing data breach, Pa. sidesteps scrutiny on proposed $34M contract
State lawmakers are calling into question whether the Department of Health should be jumping into another, more expensive contact tracing contract after a severe data breach with the last company. Click to read entire article.
Airlines
British Airways settles with 2018 data breach victims
British Airways has settled a case brought by customers and staff affected by a massive 2018 data breach that led to personal information being leaked, the court-appointed lead solicitors in the case said on Tuesday. Britain’s Information Commissioner’s Office in October fined British Airways 20 million pounds ($27.7 million) – the data protection watchdog’s biggest such penalty at the time – for failing to protect the personal and financial details of its customers. Click to read entire article.
Automotive (Supply Chain)
Mercedes-Benz Hit by Third-Party Data Breach
Automobile maker Mercedes-Benz USA said a data breach in its supply chain had exposed personal information of roughly 1.6 million of its actual and potential customers. Click to read entire article.
Volkswagen and Audi Hit with Data Breach Class Action
This week, Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action for a data breach that allegedly compromised 3.3 million consumers’ personal information. In the U.S. District Court for the District of New Jersey, a California consumer filed a suit against the automakers on behalf of other current and prospective car buyers whose information was allegedly compromised by hackers. Click to read entire article.
Navistar data leaked on auction site after cyberattack
Dark web marketplace claims to be auctioning off hundreds of gigabytes of stolen files. Click to read entire article.
Technology
LimeVPN Backup Database Hacked
Further discussions with LimeVPN have revealed the claim of 69,000 users being affected was actually an activity log total, with the number of live user accounts closer to 800. LimeVPN also confirmed their website has not been hacked and the claim of all private keys being leaked is false. Click to read entire article.
Vendor Breaches (Cause of Loss)
Vendor incidents lead the 10 biggest healthcare data breaches of 2021 so far
Accellion: over 3.51 million individuals
Florida Healthy Kids: 3.5 million patients
20/20 Eye Care Network: 3.3 million patients
CaptureRx: 1.7M individuals
Netgain: more than 865,000
Personal Touch Holding: 753,107
Hendrick Health: 640,436
Wolfe Clinic: 527,378 patients
Bricker & Eckler: 420,532 patients
Health Plan of San Joaquin: 420,000
South Africa
Major South African Insurance Company Suffers Data Breach
A data breach has been reported by QSure insurance company in South Africa. As a result of this incident, sensitive information such as bank account details was stolen by a third party, according to Money Web. Click to read entire article.
Asia Pacific
Japan’s “K” Line Apologizes for Second Cyberattack in Months
Japanese shipping company Kawasaki Kisen Kaisha, known as “K” Line issued a brief statement today confirming that its computer systems have once again been breached with “unauthorized access to overseas subsidiary systems.” Click to read entire article.
Air India flyer seeks damages over data breach
A legal notice was sent to Air India management on July 4 by Ritika Handoo in which she said that the airline informed her about the breach on June 1, her lawyer said. Click to read entire article.
Tamil Nadu PDS system breached, data of 4.5 Mn people on sale: Technisanct reports
A legal notice was sent to Air India management on July 4 by Ritika Handoo in which she said that the airline informed her about the breach on June 1, her lawyer said. Click to read entire article.
