We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Everything to Know About the Alleged AT&T Data Leak, Greensboro College to Blame for August 2023 Cyberattack, NHS Scotland Faces Data Breach in Alleged Cyberattack, and more.
Healthcare
Oklahoma Health Care Company Agrees to $1.45M Data Breach Settlement
Oklahoma City-based Avem Health Partners agreed to a $1.45 million lawsuit settlement after it experienced a cyberattack that breached the health data of 271,303 people, The HIPAA Journal reports. Click to read entire article.
Dedicated Senior Medical Center Notifies Patients of Recent Data Breach
On March 21, 2024, Dedicated Senior Medical Center filed a notice of data breach with the Attorney General of Texas after discovering that an unauthorized actor was able to access patient information that had been entrusted to the company. In this notice, Dedicated Senior Medical Center explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth, and medical information. Click to read entire article.
Pembina County Memorial Hospital Notifies Patients of March 2023 Data Breach
On March 25, 2024, Pembina County Memorial Hospital (“Pembina”) filed a notice of data breach with the Attorney General of Montana after discovering that an unauthorized actor was able to access the company’s computer network. In this notice, Pembina explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, phone numbers, dates of birth, driver’s license numbers, vehicle identification numbers, passport numbers, Social Security numbers, financial account numbers, credit and debit card numbers, medical record numbers, patient, medical information, and health information. Click to read entire article.
Telecom
Everything to Know About the Alleged AT&T Data Leak: What You Can Do to Protect Yourself
Millions of AT&T customers saw their data, including sensitive information, published online late last week. The leak appears to be linked to a data breach from 2021, which AT&T denied at the time. The leak first came to light in 2021, when hackers claimed they’d stolen customer data from AT&T and said they were putting the information up for sale. Pieces of a set of data, allegedly from AT&T, were then published, but no breach was ever specifically verified. Click to read entire article.
Manufacturer
Wabtec Must Face Suit Over Data Breach Affecting 7,400 Employees
Westinghouse Air Brake Technologies Corp. lost its bid for an early end to a proposed class action alleging it failed to protect the personal information of more than 7,400 employees that was exposed in a March 2022 ransomware attack and data breach. Click to read entire article.
Higher Ed
Greensboro College to Blame for August 2023 Cyberattack, Class Action Alleges
The 49-page Greensboro College data breach lawsuit relays that the personal information of more than 52,000 individuals was compromised when cybercriminals infiltrated the North Carolina college’s computer systems. According to the defendant’s data breach notice letter, an investigation following the ransomware attack determined that the unauthorized access occurred between August 10 and August 21, 2023. Click to read entire article.
Lewis & Clark College Provides Notice of March 2023 Data Breach Affecting Students’ Confidential Information
On March 22, 2024, Lewis & Clark College (“Lewis & Clark”) filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party had gained access to its computer network. In this notice, Lewis & Clark College explains that the incident resulted in an unauthorized party being able to access students’ sensitive information, which includes their names, dates of birth, Social Security numbers, driver’s license or state identification numbers, passports, financial account information, medical information, and health insurance information. Click to read entire article.
Saint Louis University Data Breach Alert: Issued by Wolf Haldenstein Adler Freeman & Herz LLP
Saint Louis University is notifying former students and patients that their personal information, including at least names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, health insurance and medical information, may have been accessed and/or stolen. Click to read entire article.
Public Entities
Haverford Township Says Data Breach May Have Exposed Personal Information
An investigation found that impacted files could include Social Security numbers, financial account information and medical data. Click to read entire article.
Canada
University of Winnipeg Investigating After Recent Cyber Attack
Classes have resumed at the University of Winnipeg after the post-secondary institution fell victim to a cyber attack. The U of W canceled classes due to a service outage on campus that left key systems used by students, faculty, and staff on campus, including campus Wi-Fi and classroom technology resources, unavailable. The University then announced that the service outage was related to a cyber incident that was discovered on Sunday, March 24. Click to read entire article.
EU
NHS Scotland Faces Data Breach in Alleged Cyberattack
The message about the NHS Scotland cyberattack was posted by the threat actor and forewarned the release of three terabytes of sensitive data. Click to read entire article.
Data Breach: Hardcopy Personnel Files Disappeared From Europol Office in The Hague
Hardcopy personnel files of several Europol executives disappeared from the European police service’s headquarters in The Hague sometime before September last year, POLITICO reported based on an internal memo and conversations with involved sources. Europol is currently trying to figure out how these paper files, which were supposed to be kept in a safe in a secure storage room inside the office, got out. Click to read entire article.