Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers Use Google Ads to Deliver Bumblebee Malware, American Bar Association Says 1.5 Million Lawyers’ Data Breached, Thousands Launch Multi-Million-Pound Action Over Arnold Clark Data Breach, and more.

Ransomware/ Malware Corner

Fortra Class Action Claims Data Breach Affects 1 Million Customers

Plaintiff Branton Underwood, along with a minor plaintiff, claim Fortra instituted “impermissibly inadequate data security” that they argue allowed a Russian-linked hacker/ransomware group to successfully conduct the cyberattack. Click to read entire article.

Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers

Print management software provider PaperCut said that it has “evidence to suggest that unpatched servers are being exploited in the wild,” citing two vulnerability reports from cybersecurity company Trend Micro. Click to read entire article.

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Threat actors are employing a previously undocumented “defense evasion tool” dubbed AuKill that’s designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. Click to read entire article.

Hackers Use Google Ads to Deliver Bumblebee Malware

Recently, Secureworks’ Counter Threat Unit (CTU) researchers reported that cyber attackers are actively using Google Ads and SEO poisoning to distribute the Bumblebee malware, which targets enterprises and is disguised as popular applications. Click to read entire article.

Professional Services

American Bar Association Says 1.5 Million Lawyers’ Data Breached

A representative stated that the login details of 1.5 million lawyers and other account holders on the American Bar Association’s website might have been compromised. Click to read entire article.

Accounting Firm Rubino & Company Files Official Notice of Data Breach

On April 19, 2023, Rubino & Company filed a notice of data breach with the Massachusetts Attorney General after learning that confidential consumer information stored on the company’s IT network was subject to unauthorized access. Click to read entire article.

K-12

Class Action Data Breach Lawsuit Against Illuminate Dismissed

A class action lawsuit filed against ed tech company Illuminate Education has been dismissed by a state judge who said the plaintiffs had failed to establish standing or prove any instance of actual identity theft. Click to read entire article.

Healthcare/ HIPAA

277,000 Santa Clara Family Health Plan Members Affected by GoAnywhere Hack

Santa Clara Family Health Plan has confirmed the 276,993-record data breach reported to the HHS’ Office for Civil Rights on March 30, 2023, was due to the hacking of Fortra’s GoAnywhere MFT solution by the Clop ransomware group. Click to read entire article.

NationsBenefits Confirms Personal Data Theft in Fortra Breach

NationsBenefits, a Florida-based technology company that provides supplemental benefits for health insurance members, has confirmed that over 7,100 state residents had their personal information stolen in the late-January ransomware attack on Fortra’s systems. Click to read entire article.

Retail

KFC, Pizza Hut Parent Hit With Class Action Over January Data Breach

A former employee of a Yum! Brands company has filed a class action lawsuit after her personal information was allegedly compromised in a January 2023 ransomware attack. Click to read entire article.

Don Roberto Jewelers Data Breach $4M Class Action Settlement

Between Feb. 16 and March 3, 2021, a data breach allegedly gained access to sensitive consumer and employee information held by Don Roberto Jewelers. According to a class action lawsuit, the jeweler’s negligence allowed hackers to gain access to Social Security numbers and other identifiers. Click to read entire article.

Realty

Kimco Realty Corporation Notifies Current and Former Employees of Recent Data Breach

On April 14, 2023, Kimco Realty Corporation {“Kimco”) filed a notice of data breach with the Attorney General of Texas after a company Kimco had acquired, Weingarten Realty Investors, experienced a cyberattack resulting in confidential consumer data being exposed to unauthorized access. Click to read entire article.

Transportation

SEPTA Data Breach Class Action Settlement

Southeastern Pennsylvania Transportation Authority (SEPTA) agreed to a class action settlement to resolve claims that it failed to prevent an August 2020 data breach that compromised employee data. Click to read entire article.

Public Entity

San Bernardino County Sheriff’s Department Shuts Down Internet Systems Following Recent Cyberattack

More than two weeks after the San Bernardino County Sheriff’s Department was hit with a cyberattack, the department is still working to get all of its systems back online. Click to read entire article.

Financial Services

US-Based Bryant Bank Discloses Breach of Customers’ Personally Identifiable Information

Bryant Bank, a community bank in the US state of Alabama, recently disclosed a data breach that compromised the sensitive personal information of its customers. Click to read entire article.

Canada

Yellow Pages Canada Confirms Cyber Attack as Black Basta Leaks Data

Yellow Pages Group, a Canadian directory publisher has confirmed to BleepingComputer that it has been hit by a cyber attack. Click to read entire article.

EU/UK

Capita Admits to Possible Data Breach

IT outsourcing firm Capita has stated that its customer, supplier and colleague data may have been accessed by hackers. The firm is currently investigating an attack on its systems from March 2023. Click to read entire article.

Thousands Launch Multi-Million-Pound Action Over Arnold Clark Data Breach

Car sales giant Arnold Clark is facing multi-million-pound group action claims from thousands of customers following a data breach, we can reveal. Click to read entire article.

Shields Health Care Group Data Breach Impacted More than 2.3 Million Patients

US medical services provider Shields Health Care Group (SHCG) has disclosed a data breach that compromised the sensitive personal information of more than 2.3 million people. Click to read entire article.

Asia Pac

Australia’s Optus Hit With Class-Action Suit Over Data Breach

Over 100,000 current and ex-customers of Australian broadband and pay TV operator Optus have hit the company with a class-action lawsuit over a cybersecurity breach that occurred last year and compromised the data of up to 10 million existing and former customers. Click to read entire article.

India’s ICICI Bank Allegedly Leaked 3.6M Data Records Via Misconfigured Server

ICICI Bank, one of India’s leading financial organizations, reportedly suffered a significant data breach that allegedly compromised the sensitive personal information of its customers. Click to read entire article.

Africa

Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also monitored by the broader cybersecurity community as Bronze Highland and Evasive Panda. Click to read entire article.


Vol. 256 – May 17, 2023

Download 2024 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

© 2024 NetDiligence All Rights Reserved.