We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Samsung Sued Over Recent Data Breaches, How DDoS Attacks Plagued PokerStars’ High Profile WCOOP Series, Class-Action Suits Over Data Breaches No Longer Require Proof of Actual Harm, Fitbit, Apple User Data Exposed in Breach Impacting 61M Fitness Tracker Records, and more.
Ransomware Corner
Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack
Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company’s systems. Click to read entire article.
Healthcare
Lawsuit Claims Mon Health Didn’t Protect Patients from Data Breach
Morgantown, W.Va.-based Mon Health is being sued over a December 2021 data breach, The (Morgantown) Dominion Post reported Sept. 24. The data breach had compromised the health and personal data of at least 492,861 people, including patients, providers, employees and contractors, according to the story. The data reportedly included names, addresses, dates of birth, Social Security numbers, and health insurance and medical treatment information. Click to read entire article.
Humana Discloses Third-Party Data Breach at Choice Health
September 27, 2022 – Humana disclosed a third-party data breach to the Maine Attorney General’s Office that impacted 22,767 individuals. The breach originated at Choice Health, which sells Medicare products on Humana’s behalf. Click to read entire article.
OneTouchPoint Data Breach Investigation: Who’s Affected?
In April 2022, OneTouchPoint, which provides printing and mailing services for health insurance providers, experienced a data breach that compromised the personally identifiable information of more than one million people. Sensitive information such as customer names, addresses, birth dates, service description, diagnosis codes, member identification and health assessment information was potentially exposed to unauthorized third-parties. Click to read entire article.
Shipping
U-Haul Class Action Accuses Company of Neglect that Led to Data Breach
U-Haul didn’t adequately protect its computer systems, leading to cybercriminals obtaining the personal information of customers in a data breach, a new class action lawsuit alleges. According to the lawsuit, the hack started on Nov. 5, 2021, and continued for seven months through April 5, 2022, leaking personal information including names, dates of birth and driver’s license numbers. Click to read entire article.
Financial Services
Capital One’s $190 Million Data Breach Settlement: You Have Two Days to Claim Your Money
Class members can collect up to $25,000 for lost time and out-of-pocket expenditures, if they move quickly. Click to read entire article.
Payday Lender Cash Express Reports Data Breach Affecting 100,000 Customers
The nonbank lending company Cash Express reported to the Montana attorney general this month a data breach that gave an unauthorized party access to sensitive consumer information from more than 100,000 individuals. Click to read entire article.
Morgan Stanley to Pay SEC $35M to Settle Data Exposure Inquiry
Morgan Stanley Smith Barney LLC reportedly reached a $35 million settlement with the Securities and Exchange Commission (SEC) over allegations it improperly removed computer devices from its offices, exposing the data of millions of customers. Click to read entire article.
FinTech
Fintech Company Suffers Data Breach
Revolut suffered an online security nightmare this month as a recent data breach affected 50,000 customers worldwide. Click to read entire article.
Airlines
Breached American Airlines Email Accounts Abused for Phishing
American Airlines discovered it was breached after receiving reports of employee email accounts being used in phishing attacks. Last week, the airline started informing some of its customers that their personal data was likely compromised in a data breach identified in early July. Click to read entire article.
Telecom
Samsung Sued Over Recent Data Breaches
The 43-page complaint filed with the Federal District Court for the Northern District of California claims that Samsung unnecessarily collected user data and then stored and sold it without proper security protections, which led to two back-to-back data breaches. Click to read entire article.
T-Mobile $350 Million Data Breach Settlement: Are You Eligible for Money?
A cyberattack affected nearly 80 million T-Mobile customers last year. Click to read entire article.
Online Gambling (DDoS)
18 Hours of Disruption: How DDoS Attacks Plagued PokerStars’ High Profile WCOOP Series
PokerStars confirms recent interruption of the service were due to DDoS attacks but operator assures players’ funds are safe and services are back to normal. Click to read entire article.
Public Entity
Hackers Paralyze 911 Operations in Suffolk County, NY
A Sept. 8 ransomware attack on Suffolk County government systems in New York continues to wreak havoc on citizens of the area, driving overwhelmed 911 operators working without the aid of computers to call for backup. Click to read entire article.
Tech
Fitbit, Apple User Data Exposed in Breach Impacting 61M Fitness Tracker Records
An unsecured database containing over 61 million records related to fitness trackers and wearables exposed Apple and Fitbit users’ data online. Click to read entire article.
Legal Ruling Updates
Class-Action Suits Over Data Breaches No Longer Require Proof of Actual Harm, According to Federal Appeals Court Ruling
As ransomware attacks targeting the education sector grab more headlines every week, a new ruling from a federal appeals court has made it easier for people whose data is breached and leaked on the dark web to sue the organizations where the data was compromised. Click to read entire article.
Crypto
Wintermute Loses $160 Million in Hack
Cryptocurrency market maker disclosed the exploit on Twitter. Click to read entire article.
Asia Pacific
The Optus Customer Data Breach Could Lead to a Class Action Lawsuit. What Might That Look Like?
As the shockwaves from the massive Optus customer data breach ripple across Australia, there are already rumblings of a class action lawsuit. In Melbourne, law firm Slater and Gordon said on Tuesday it was investigating whether a deficiency in Optus’s management of data had led to the personal information of nearly 10 million current and former customers being leaked. Click to read entire article.
