Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers Breach LastPass Developer System, Doordash Customers’ Personal Information Exposed in Data Leak, Aetna Agrees to Pay $17 Million in HIV Privacy Breach, FTC Sues Data Broker, Condemns Improper Data Privacy Practices, and more.

Financial Services

Settlement Alert – How to Claim Money from Capital One’s $190 Million Data Breach Settlement

A huge data breach in March 2019 exposed the personal information of more than 100 million Capital One customers. As a result, the financial powerhouse has agreed to a proposed $190 million settlement that is set to receive final approval next week. Click to read entire article.

Ellington Management Group, LLC Announces Data Breach Related to Compromised Employee Email Accounts

On August 29, 2022, Ellington Management Group, LLC reported a data breach with the Montana Attorney General after the company learned that an unauthorized party had gained access to two employee email accounts. According to Ellington, the breach involved mortgage holders’ names, Social Security numbers, driver’s license numbers, electronic signatures, credit card numbers, dates of birth, bank or financial account numbers, and other information you may have provided in connection with your mortgage loan. Click to read entire article.

Millions of Student Loan Accounts Exposed in Data Breach

The data of over 2.5 million individuals who have taken out student loans with either the Oklahoma Student Loan Authority (OSLA) or EdFinancial has been exposed in a data breach. The breach itself was suffered by Nelnet Servicing, a Nebraska-based technology services firm that both loan companies utilized for their web portals. Click to read entire article.

Lending Tree Notifies 70,000 Customers of Data Breach

Online mortgage lender Lending Tree sent breach notification letters to affected individuals on June 29, 2022. The letter advises those persons that their name, social security number, date of birth, and address were compromised in mid-February 2022. Click to read entire article.

Jack Dorsey’s Company Block Sued Over Security Breach

A class action lawsuit alleges the company failed to protect the data of over 8.2 million users, stolen by an ex-employee.

Block, a digital payments company co-founded by Twitter’s ex-CEO Jack Dorsey, faced allegations it failed to protect customers’ personal data. According to a class action lawsuit, the company failed to implement adequate security measures. The lawsuit was filed by two users of Cash App, a subsidiary of Block. Click to read entire article.

Security Tech

Hackers Breach LastPass Developer System to Steal Source Code

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen. Click to read entire article.

Manufacturer

Valex Corporation Announces Data Breach Following Malware Attack

On August 25, 2022, Valex Corporation filed an official notice of a data breach with the Attorney General of California after the company reportedly experienced a malware attack that leaked consumer data. According to Valex, the breach resulted in the names, dates of birth and Social Security numbers of certain individuals being compromised. Click to read entire article.

Library Services

Baker & Taylor’s Systems Remain Offline a Week After Ransomware Attack

A server outage has impacted library services company Baker & Taylor’s systems and applications, said the firm on Twitter on August 23, 2022. A day later, the firm confirmed it engaged outside third-party experts to fix the issue. Click to read entire article.

Pharmaceutical

SCA Pharmaceuticals, LLC Announces Data Breach

On August 29, 2022, SCA Pharmaceuticals, LLC reported a data breach with the Montana Attorney General’s office after the company experienced a malware attack. According to SCA Pharma, the breach resulted in the names, dates of birth, Social Security numbers, other governmental identifiers, certain health information, and bank account information of certain individuals being compromised. Click to read entire article.

Food Delivery/ Tech.

Doordash Customers’ Personal Information Exposed in Data Leak

The food-delivery company is reporting a data breach that left customers’ personal information exposed. The company says customers had their names, email and delivery addresses, phone numbers and card numbers stolen. Click to read entire article.

Tech/Online Media

Russian Streaming Platform Confirms Data Breach Affecting 7.5M Users

Russian media streaming platform ‘START’ (start.ru) has confirmed rumors of a data breach impacting millions of users. The platform’s administrators shared that network intruders managed to steal a 2021 database from its systems and are now distributing samples online. Click to read entire article.

Healthcare

Aetna Agrees to Pay $17 Million in HIV Privacy Breach

Aetna settled a lawsuit for $17 million Wednesday over a data breach that happened in the summer of 2017. The privacy of as many as 12,000 people insured by Aetna was compromised in a very low-tech way: the fact that they had been taking HIV drugs was revealed through the clear window of the envelope. Click to read entire article.

Individuals Affected by Vendor Ransomware Attack Reaches 2.7M

The number of people affected by a ransomware attack on printing and mailing vendor OneTouchPoint has reached 2.7 million, according to an updated breach report. The report, filed to the Maine attorney general’s office Aug. 26, indicates individuals were affected by an “external system breach hacking” incident detected July 15. Click to read entire article.

HealthCare.gov Breach Exposed Personal Details of 75,000, Including Partial Social Security Numbers

A data breach at HealthCare.gov exposed personal details of roughly 75,000 people, including the last four digits of the Social Security number, immigration status and employer name, the Department of Health and Human Services said in a letter to those affected on Friday. Click to read entire article.

CorrectHealth Announces Data Breach Affecting the Personal Information of More Than 54k Individuals

On August 25, 2022, CorrectHealth reported a data breach with the various state attorney generals’ offices after the company learned that an unauthorized party had gained access to several employee email accounts. According to Correct Health, the breach resulted in the names, addresses, Social Security numbers, Driver’s License numbers, passport numbers, financial account information, and limited medical information of certain individuals being compromised. Click to read entire article.

EmergeOrtho Reports Data Breach Leaking Social Security Numbers of up to 75,200 Individuals

On August 25, 2022, EmergeOrtho reported a data breach with the various state attorney generals’ offices after the company learned it was the target of a ransomware attack. According to EmergeOrtho, the breach resulted in the first and last names, addresses, Social Security numbers, and dates of birth of certain individuals being compromised. Click to read entire article.

Higher Education

Napa Valley College Files Report of Recent Data Breach Following Ransomware Attack

On August 25, 2022, Napa Valley College confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on NVC’s network. According to NVC, the breach resulted in the names and Social Security numbers belonging to certain individuals being compromised. Click to read entire article.

Data Processing

Newcourse Communications, Inc. Announces Data Breach Leaking the Social Security Numbers of as Many as 47,000 People

On August 18, 2022, Newcourse Communications, Inc. reported a data breach with several state attorney generals’ offices after the company’s computer systems were hacked. According to the Newcourse, the breach resulted in the names and Social Security numbers of certain individuals being compromised. Click to read entire article.

Privacy (wrongful collection or sharing)

FTC Sues Data Broker, Condemns Improper Data Privacy Practices

The FTC underscored its commitment to fighting against improper location and health data privacy practices in a recent lawsuit against data broker Kochava. Click to read entire article.

Cybersec Research

79% of the Companies Only Invest in Cybersecurity After Hacking Incidents

The British cybersecurity company Tanium published a survey on investments in digital protection in UK companies with alarming results: 79% of them only approve investments in cybersecurity after suffering a data breach; 92% experienced a data attack or breach, of which 74% occurred in 2021. Click to read entire article.

Cyber Legal/Liability Risk Landscape

United States: Plaintiffs’ Attorneys Racing to Courthouses in the United States to File Data Breach Class Actions

While in years past companies that experienced a data breach and had to send notice to regulators and impacted individuals might hope they never get sued, now they should fully expect to have a lawsuit filed. The lag time between when the companies sent notice of the breach and a resulting lawsuit has truncated. Click to read entire article.


Vol. 248 – September 21, 2022

Download 2024 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

© 2024 NetDiligence All Rights Reserved.