We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack, Capita Faces Class Action Lawsuit After Data Breach, Atomic Wallet Heist: Hackers Utilize THORchain to Mask $35 Million Stolen Funds, and more.
Ransomware Corner
Onix Group Sued for Failing to Prevent Ransomware Attack and 320K-Record Data Breach
Onix Group, a Pennsylvania-based real estate development firm and provider of business management and consulting services, is being sued for failing to prevent a ransomware attack in which the hackers stole the protected health information of 320,000 individuals. Click to read entire article.
Harvard Pilgrim Health Care Ransomware Attack Hits 2.5 Million People
Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. Click to read entire article.
BlackCat Claims They Hacked Reddit and Will Leak the Data
Operators broke into Reddit on February 5, 2023, and took 80 gigabytes (zipped) of data. Reddit was emailed twice by operators, once on April 13 and again on June 16. Click to read entire article.
Technology
Microsoft Confirms Recent Service Outages Were DDoS Attacks, Offers Protection Tips
Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359. Click to read entire article.
Retail
Don Roberto Settles Data Breach Lawsuit
Don Roberto Jewelers, a 90-store chain based in San Clemente, Calif., has agreed to a $4 million settlement, following a 2021 data breach, which exposed the personal information of some 185,000 customers. Click to read entire article.
Snack Food
Snack Food Company Mondelez Warns Employees of Data Theft
Mondelez, the U.S. manufacturer of Oreo cookies and Milka chocolate, has warned employees that their personal data has been compromised through a breach at the law firm Bryan Cave, which provides legal services to Mondelez and other Fortune 500 companies. Click to read entire article.
Financial Services
FirstBank Puerto Rico Announces Data Breach After Cyberattack at MIAC
On June 8, 2023, Mortgage Industry Advisory Corporation (“MIAC”) filed a notice of data breach on behalf of FirstBank Puerto Rico after MIAC determined that a cyberattack targeting the company’s IT network resulted in FirstBank customer data being leaked. Click to read entire article.
Umpqua Bank Said It’s Part of Data Hack, No Proof Yet of Breach
Umpqua Bank is alerting its customers about a data breach. It said it involves the same hack that pulled data from Oregon’s Department of Transportation driver’s license database this month. The State of Oregon said 3.5 million Oregonians’ personal data could be hacked in a data breach of the state’s transportation department. The United States Department of Homeland Security is investigating the MOVEit hack as a Russian cyberattack. Click to read entire article.
Background Check
Creative Services Data Breach $1.2M Class Action Settlement
Creative Services Inc. (CSI) agreed to pay $1.2 million to resolve claims it failed to prevent a 2021 data breach that compromised sensitive employee and consumer information. Click to read entire article.
Healthcare
4 Health Systems Facing Lawsuits for Data Breaches
Several hospitals and health systems across the U.S. are facing lawsuits regarding data breach incidents that involved patients’ protected health information. Click to read entire article.
Apria Healthcare Hit with Class Action Over Data Breach Affecting 1.8M People
The 45-page lawsuit says that Apria, a provider of home medical equipment and services for sleep apnea, wound care and diabetes, announced in May 2023 that unauthorized third parties had accessed its network at various times between April 5 and May 7, 2019, and again between August 27 and October 10, 2021. Click to read entire article.
Legal Investigation Looks into PharMerica Data Breach: Was Your Info Exposed?
The pharmacy services provider recently announced that an unauthorized third party had gained access to its computer systems and obtained patients’ highly sensitive data – including their names, dates of birth, Social Security numbers, medication lists and health insurance information. Click to read entire article.
16,000 Vermont Health Insurance Customers Affected by Data Theft, More Than Previously Known
The cyberattack mostly impacted members of Vermont Blue Advantage, but other insurance plan holders were also affected. Click to read entire article.
Public Entity
The Washington Department of Licensing Agreed to Pay $3.6 Million to Resolve Claims That It Failed to Prevent a 2022 Data Breach
Plaintiffs in the data breach class action lawsuit claim that the Washington Department of Licensing could have prevented the security incident through reasonable cybersecurity measures but failed to do so out of negligence. The 2022 data breach compromised sensitive information such as licensing information, Social Security numbers, birth dates and ID numbers. Click to read entire article.
Thousands May Have Had Personal Info Exposed in January Cyberattack, DMPS Says
Nearly 6,700 people may have had their personal information exposed in a January cyberattack against Des Moines Public Schools, the district said. Click to read entire article.
GOHSEP Announces Additional Safety Steps to Protect Against MOVEit Cyber Breach
The Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP) announced that additional information has been added to the website nextsteps.la.gov to help Louisianans better protect themselves against identity theft in light of a recent MOVEit cybersecurity breach in Louisiana as well as several other states and countries. Click to read entire article.
Higher Ed
UTMC Involved in Fortra Data Breach
The U.S. Department of Health and Human Services recently announced the discovery of a data breach involving cybersecurity company Fortra, which may have affected more than four million people worldwide. This attack specifically targeted medical data, including data at the University of Toledo Medical Center. Click to read entire article.
USG Says Data May Have Been Exposed in Breach
The University System of Georgia said cybercriminals likely had access to data stored in software that is used across the system, including at the University of Georgia. The breach is related to the MOVEit Secure File Transfer and Automation software, which USG and UGA use to store and transfer sensitive data, according to a statement from USG. The software’s creator, Progress Software, identified a defect in the program that may have exposed data. Click to read entire article.
Crypto
Atomic Wallet Heist: Hackers Utilize THORchain to Mask $35 Million Stolen Funds
In a shocking revelation, blockchain detective MistTrack has unveiled the masterminds behind the audacious $35 million theft from Atomic Wallet. The perpetrators, exhibiting unparalleled expertise in the field, cunningly employed the cross-chain liquidity protocol THORChain to obfuscate their illicit activities and launder the stolen funds. Click to read entire article.
Africa
Data Breach: Banks, Telcoms, Oil Firms To Lose 2% Revenue, Says FG
The Nigeria Data Protection Commission (NDPC) has disclosed that henceforth commercial banks, telecommunications companies, and other organizations will lose two percent of their annual revenue to the federal government for any breach of their customers’ data, thegazellenews.com reports. Click to read entire article.
Asia Pacific
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack
The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth. Click to read entire article.
Medibank’s Staff Details Stolen After Property Manager Faces Cyber Breach
Australia’s largest private health insurer Medibank Private said a file containing names and contact details of staff members had been compromised after its property manager faced a cybersecurity breach. Click to read entire article.
Japan’s Largest Port Stops Operations After Ransomware Attack
The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals. The port accounts for roughly 10% of Japan’s total trade volume. It operates 21 piers and 290 berths. It handles over two million containers and cargo tonnage of 165 million every year. Click to read entire article.
EU/UK
European Investment Bank Attacked, Hackers Claiming to “Impose Sanctions on EU”
The pro-Russian Killnet hackers group claimed on their Telegram to have targeted the inter-network infrastructure of the EIB. Click to read entire article.
Capita Faces Class Action Lawsuit After Data Breach
Barings Law has launched a lawsuit against Capita. Click to read entire article.
Pro-Russia Hacker Group Claims Major DDoS Attack on the Port of Rotterdam
The Port of Rotterdam, the largest seaport in Europe, reportedly suffered a major cyber attack that knocked its official website offline for hours. Click to read entire article.
Hackers Warn University of Manchester Students of Imminent Data Leak
The ransomware operation behind a cyberattack on the University of Manchester has begun to email students, warning that their data will soon be leaked after an extortion demand was not paid. In an email sent to students and shared with BleepingComputer, the threat actors claim to have stolen 7 TB of data from the University of Manchester during a June 6th cyberattack. Click to read entire article.