We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Cybercrime (and Security) Predictions for 2023, DraftKings Data Breach, McGraw Hill exposed student data and grades, Average cost of a data breach expected to hit $5 million in 2023, and more.
2023 Cyber Predictions
Cybercrime (and Security) Predictions for 2023
Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it’s up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Click to read entire article.
Ransomware Corner
Scripps Health Reaches $3.5M Settlement After Ransomware Attack
Scripps Health recently settled a class action lawsuit stemming from a 2021 ransomware attack that impacted 1.2 million individuals. Click to read entire article.
Gaming
DraftKings Data Breach Impacts Personal Information of 68,000 Customers
The incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings’ systems, the company says. Credential stuffing involves the use of leaked credentials (usernames, email addresses, and passwords) obtained from a third-party source to access an account on a different service. Such attacks are successful only because some individuals use the same credentials for accounts on different services. Click to read entire article.
Higher Education
Hope College Files Notice of Data Breach Following Unauthorized Access to Sensitive Student Information
On December 15, 2022, Hope College reported a data breach with the Montana Attorney General after the school determined that an unauthorized party had gained access to files containing confidential student information. According to Hope College, the breach resulted in students’ first and last names, dates of birth, Social Security numbers, driver’s license numbers, and student ID numbers being compromised. Click to read entire article.
Financial Services
Order Express, Inc. Reports Data Breach Affecting the Information of Over 63k Consumers
On December 15, 2022, Order Express, Inc. reported a data breach with several state attorney general offices after the company learned of a data security incident resulting in the sensitive information of more than 63,000 consumers being leaked. Click to read entire article.
Tax Prep Co. Sued Over Data Breach Affecting 240K Clients
Tax service provider Wing Financial did not alert customers to a breach that affected more than 240,000 individuals until four months after it claimed to have discovered the attack, a client alleged in a proposal. Click to read entire article.
Technology
Uber Data Breach of Employee Information Caused by Third-Party Vendor
A new Uber data breach that took place on December 12 has reportedly compromised the information of about 77,000 employees. The incident has been traced back to a third-party vendor, and the stolen data has been posted to a dark web forum. Click to read entire article.
Crypto
Hackers leak personal info allegedly stolen from 5.7M Gemini users
Gemini crypto exchange announced this week that customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor. Click to read entire article.
Hacker steals 14 BAYC worth over 852 ETH ($1.07 million)
Over the weekend, an infamous hacker known as Jason Brubeck succeeded in stealing around 850 ETH ($1+ million) worth of the Bored Ape collection, leaving his victim completely devastated.
Healthcare
GA Health System Reports Healthcare Data Breach
Emory Healthcare (EHC), Epic Management, and NYC Health + Hospitals recently disclosed healthcare data breaches. Click to read entire article.
Six Data Breaches Reported by Healthcare Providers and Business Associates
Work Health Solutions, a San Jose, CA-based occupational health services provider, has confirmed that the protected health information of 13,157 individuals has been exposed and potentially obtained by unauthorized individuals who had access to an employee email account between February 16, 2022 and March 24, 2022. Click to read entire article.
Fertility Centers of Illinois data breach $450K class action settlement
Fertility Centers of Illinois (FCI) agreed to pay $450,000 to end claims it allowed a 2021 data breach through subpar cybersecurity measures. Click to read entire article.
CommonSpirit Health sued over data breach involving 600,000 patients
Chicago-based Catholic hospital chain CommonSpirit Health has been hit with a proposed class-action lawsuit over its monthlong data breach at the end of last year that impacted more than 600,000 patients. Click to read entire article.
Medstar Mobile Healthcare Files Notice of Data Breach Affecting 612k Patients
On December 19, 2022, Medstar Mobile Healthcare (“Metropolitan Area EMS Authority dba MedStar Mobile Healthcare”) filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after a recent hacking incident targeting the company’s computer system compromised confidential information belonging to certain patients. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ protected health information. Click to read entire article.
Arkansas Hospital Notifies Patients of Healthcare Data Breach
As the new year begins, healthcare data breach reports continue to roll in. Click to read entire article.
Public Entities
Data breach at Rochester Public Library
More than 1,700 patrons’ data may have been accessed through this cyber-attack. Click to read entire article.
Energy
P2 Energy Solutions Notifies Over 69k Consumers of a Data Breach that Leaked Their Social Security Numbers
On December 19, 2022, P2 Energy Solutions reported a data breach with the Office of the Maine Attorney General after learning that an unauthorized party was able to bypass the company’s data security system and access confidential consumer information. Click to read entire article.
Publishing
McGraw Hill exposed student data and grades, online privacy firm says
Education publishing company McGraw Hill had a data breach that potentially exposed hundreds of thousands of students’ email addresses and grades, a recent report from vpnMentor said. Click to read entire article.
Retail
SevenRooms Restaurant CRM Suffers Significant Data Breach
SevenRooms – a CRM system used by several major international restaurant chains and a collection of other hospitality businesses – has suffered a data breach. Click to read entire article.
Job applicant data stolen in breach of burger chain Five Guys
Burger chain Five Guys Enterprises LLC has disclosed a data breach that resulted in the theft of personally identifiable information of job applicants at the company. Click to read entire article.
Privacy Liability
‘Fortnite’ maker Epic Games to settle alleged privacy violations for $520m
‘Fortnite’ creator Epic Games will pay $520 million to settle allegations that it illegally collected children’s personal information and tricked people into making purchases, the US Federal Trade Commission and the company have said. Click to read entire article.
Meta fined over $400 million by top EU regulator for forcing users to accept targeted ads
Facebook parent company Meta on Wednesday was slapped with a pair of fines totaling more than $400 million as the Irish privacy regulator concluded the company’s advertising and data handling practices were in breach of EU privacy laws. Click to read entire article.
Railway Industries
Billion-dollar rail firm confirms data breach after suspected ransomware attack
One of the world’s largest rail and locomotive companies announced a data breach this week that involved troves of employee information following an alleged ransomware attack last summer. Wabtec, which has about 25,000 employees and operates in 50 countries, began sending out breach notification letters on December 30 letting people know that data was stolen from their systems during a cyberattack they discovered last June. Click to read entire article.
Music Streaming
Data of over 200 million Deezer users stolen, leaks on hacking forum
Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users. The data appears to have been stolen from one of Deezer’s third-party service providers in 2019. Click to read entire article.
Data Breach Research
Average cost of a data breach expected to hit $5 million in 2023
Acronis on Monday reported that threats from phishing and malicious emails have increased by 60% and the average cost of a data breach could reach $5 million by next year. Click to read entire article.
Asia Pacific
Data of over 100,000 students exposed in a massive data breach
McGraw Hill, an education publishing company based in the USA, mistakenly exposed records of over 100,000 students online. The data could be accessed by anyone with a web browser. This breach exposed students from several universities across the US and Canada. Click to read entire article.