We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: SEC Issues Rules on Cybersecurity Reporting Obligations, Count of Organizations Affected by MOVEit Attacks Hits 637, IBM Study Avg Breach = $4.4Mil, and more.
Ransomware Corner
Count of Organizations Affected By MOVEit Attacks Hits 637
At least 637 organizations have confirmed they were affected by the zero-day attack on MOVEit file-transfer servers that began in late May. That count, reported by German cybersecurity firm KonBriefing, includes organizations whose MOVEit servers were accessed as well as organizations affected indirectly because they work with one or more organizations that use the file-transfer tool built by Progress Software. Click to read entire article.
SEC Updates
SEC Issues Rules on Cybersecurity Reporting Obligations
On July 26, the Securities and Exchange Commission (SEC) issued new rules adding cybersecurity disclosures for public companies in three areas: cybersecurity incidents, governance, and risk management and strategy. Click to read entire article.
Public Entity
Cyber Attack on Montclair Township Led to $450K Ransom Payment
The Township of Montclair’s insurer negotiated a settlement of $450,000 with the people behind a recent “cyber incident” in order to end the attack, a report says. Click to read entire article.
Allegheny County Issues Notice of Data Breach
Allegheny County has released limited details on a data breach. According to the county, they were affected by a global cybersecurity incident impacting the popular file transfer tool, MOVEit. The breach allowed a group of cybercriminals to access county files on May 28 and 29. Click to read entire article.
Another CalPERS Retiree Sues PBI Over Data Breach That Exposed Social Security Numbers
A CalPERS retiree is bringing another class-action lawsuit in federal court for damages suffered as a result of a data breach that exposed retirees’ full names, social security numbers, birth dates and other sensitive personal information. Click to read entire article.
Financial Services
Aven Financial, Inc. Files Notice of Data Breach Impacting Consumers’ Social Security Numbers
On July 31, 2023, Aven Financial, Inc. filed a notice of data breach with the Attorney General of Texas after discovering that an unauthorized party was able to access certain information that had been provided to the company. In its notice, Aven indicates that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, driver’s license numbers and addresses. Click to read entire article.
New England Life Care Notifies Over 51k Patients of Recent Data Breach
On July 21, 2023, New England Life Care, Inc. (“NELC”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that certain files on the company’s computer network were unauthorized. In this notice, NELC explains that the incident resulted in an unauthorized party being able to access patients’ sensitive information. Click to read entire article.
Lawsuit Investigation Looks Into Talcott Resolution Data Breach
Talcott Resolution recently announced that a data breach targeting a widely used file transfer platform, MOVEit, has reportedly compromised files containing personal information belonging to an estimated 557,741 individuals. Attorneys working with ClassAction.org are now looking into whether a class action lawsuit can be filed on behalf of victims. Click to read entire article.
Healthcare
Data Breach Exposes Personal Information of 612K Medicare Recipients
A data breach at a data file sharing service has exposed the personal information of 612,000 Medicare recipients and millions of other health care consumers. Click to read entire article.
Several Healthcare Data Breaches Unfold From MOVEit Transfer Cyberattack
UT Southwestern Medical Center (UTSW); Harris Health Systems; Johns Hopkins All Children’s Hospital. Click to read entire article.
A Cyberattack Has Disrupted Hospitals and Health Care in Several States
Hospitals and clinics in several states began the time-consuming process of recovering from a cyberattack that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted. Click to read entire article.
Retail
(BI Exposure) Bedding Giant Tempur Sealy Takes Systems Offline Following Cyberattack
Bedding products giant Tempur Sealy (NYSE: TPX) has shut down certain systems after falling victim to a cyberattack, the company revealed in a filing with the US Securities and Exchange Commission (SEC). Click to read entire article.
Manufacturer
Cybersecurity Breach Leads to Lawsuit Against Pepsi Bottling Ventures
An employee at Pepsi Bottling Ventures claims the Raleigh company was negligent in its data security – causing the confidential personal information of more than 17,600 people to be exposed. Click to read entire article.
Higher Education
Syracuse University Settles Data Breach Class Action Suit
Syracuse University settled a proposed class action brought by a student after his personal information was stolen in a 2020 data breach and his bank account was hacked. Click to read entire article.
Research
IBM Study Avg Breach = $4.4Mil
IBM cost of data breach report 2023: costs hit record high, but only about half of breached companies increase their security investment. Click to read entire article.
Canada
B.C. Health-Care Workers’ Private Information Subject to Data Breach
Thousands of health-care workers’ personal information has been compromised in a data breach that’s targeted three websites on servers at the Health Employers Association of BC. Click to read entire article.
UK/EU
78% of European Big Banks Saw Data Breach in 2022
Research from SecurityScorecard revealed that out of 240 of the biggest banks in the European Union, 78% saw a third-party data breach in the past year. However, despite these breaches only 3% of the third-party vendors were breached, which shows hackers used supply chain attacks to gain access to all organizations that use the supply chain software, according to a press release. Click to read entire article.
Russian Hackers Crash Italian Bank Websites, Cyber Agency Says
Italy’s cyber security agency said it had detected hacker attacks against websites of at least five banks, which temporarily made it impossible to access some of their services. Click to read entire article.
Paramedic Billing Services Reports Data Breach: Sensitive Information Compromised
Prominent medical billing company Paramedic Billing Services (PBS) filed a data breach notice with the U.S. Department of Health and Human Services Office for Civil Rights, marking a significant incident that exposed consumers’ sensitive information to an unauthorized party. Click to read entire article.
Asia Pacific
Australian Bank Reveals It Has Been Impacted by Hwl Ebsworth Hack
Local neobank Judo Bank has announced that some of its data have been affected by the HWL Ebsworth cyber attack. Judo Bank has said that despite only using HWL Ebsworth for legal services for a short time, they have nonetheless been impacted. Click to read entire article.