We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: AT&T Customers May Be Entitled to Compensation, Christie’s Data Breach Impacted 45,798 Individuals, Samsung UK Customers Caught in Breach, Prudential Financial Sued Over Breach, and more.

Financial

LendingTree Confirms That Cloud Services Attack Potentially Affected Subsidiary

Financial services firm LendingTree confirmed that one of its subsidiaries was potentially affected by a cybersecurity incident following a wider attack on customers of data storage company Snowflake. Click to read entire article.

Prudential Financial Sued Over Breach Affecting 36,545 People

Prudential Financial Inc. failed to protect the personal information of 36,545 people in a February data breach, a proposed federal class action said. Constance Boyd alleged that Prudential, an insurance and financial services firm, breached its duties under common law and the Federal Trade Commission Act to implement reasonable data-security measures, comply with industry standards and federal regulations, and provide timely and adequate notice of the breach. Click to read entire article.

CU Student Choice Begins Notifying Consumers of May 2024 Data Breach

On June 6, 2024, CU Student Choice Partners, LLC (“CU Student Choice”) filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized party was able to access confidential information in the company’s possession. In this notice, CU Student Choice explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, email addresses, phone numbers, and loan account numbers. Click to read entire article.

K-12 Schools

Probe Launched: Alleged LAUSD Data Theft Can Expose Student to Fraud

LAUSD has initiated an investigation into an alleged data theft claimed by an unknown threat actor. Tens of millions of students’ data records, thousands of teacher records, and hundreds of staff records are put up for sale on the dark web. Click to read entire article.

Legal

Law Firm Kirkland Sued in Class Action Over MOVEit Data Breach

A proposed class action accused Kirkland and several other companies, including health insurer Humana, of not doing enough to safeguard personal information that was affected by a May 2023 hack of Massachusetts-based Progress Software’s MOVEit Transfer file management software. Click to read entire article.

Media

Philadelphia Inquirer Data Breach Lawsuit Says Paper Waited More Than a Year to Disclose Massive Cyberattack

A class action lawsuit claims The Philadelphia Inquirer waited more than a year to disclose it had been hit by a data breach that impacted more than 25,000 people. Click to read entire article.

Healthcare

Feds Investigating Last Year’s Data Breach Affecting the Cook County Hospital System

In a subpoena obtained by WBEZ, the feds wanted a list of county documents about a hack that potentially affected 1.2 million patients. Click to read entire article.

70,000 Adventist Health Tulare Patients Being Notified of HIPAA Breach by Payment Collections Associate

Adventist Health Tulare has issued a press release about a breach at a business associate in Nebraska. The June 7 press release states, “A data security incident was recently discovered by Signature Performance, an agency working on behalf of Adventist Health Tulare to collect payment for services.” Their investigation determined that an unknown party accessed certain files on Signature Performance’s network. Click to read entire article.

Public Entities

Cyber Incident Forces Cleveland to Shut Down City Hall

Cleveland shut its city hall as officials investigate a cyber incident affecting some systems. City officials did not respond to questions about whether they are dealing with a ransomware attack, explaining they have not confirmed the incident’s “nature and scope,” but are focusing on securing and restoring services in the safest way possible. With nearly 400,000 residents, Cleveland becomes the latest large American city to shut down services following a cyber incident. Click to read entire article.

Ransomware Corner

Ticketmaster’s Snowflake Data Breach Was Just One of 165

Security analysts at Mandiant have notified 165 organizations about cloud storage accounts potentially cracked using stolen logins. Security researchers are reporting that a “significant volume of data” has been stolen from hundreds of Snowflake cloud storage customers via compromised login credentials, with the incident being linked to massive data breaches at Ticketmaster and Santander Bank. Click to read entire article.

Christie’s Data Breach Impacted 45,798 Individuals

At the end of May, the auction house Christie’s disclosed a data breach after the ransomware group RansomHub threatened to leak stolen data. The security breach occurred in early May and the website of the auction house was unreachable after the attack. According to BBC, Christie had problems in selling art and other high-value items worth an estimated $840 million due to a cyberattack. Click to read entire article.

Telecom

AT&T Customers May Be Entitled to Compensation

AT&T Inc. have disclosed a data breach affecting personal information of AT&T customers. Stating that the breach, affecting approximately 7.6 million current AT&T account holders and 65.4 million former account holders, exposed sensitive details including full names, email addresses, phone numbers, and social security numbers. Click to read entire article.

Frontier Communications Confirms Over 750,000 People Affected in Data Breach

Submitted to Maine’s attorney general, the data breach notification revealed that a total of 751,895 people had been affected by the data breach which occurred earlier this year. The US telecommunications company originally raised the alarm about the data breach in April 2024, filing with the Securities and Exchange Committee (SEC), though this filing sheds more light on the incident. Click to read entire article.

2023 Cyber Attack on Midwestern ISP Disabled Over Half a Million Internet Routers

A new report from Black Lotus Labs, the threat research division of Lumen Technologies, examines an October 2023 cyber attack on a small Midwestern US ISP that disabled about 600,000 internet routers for about three days. Click to read entire article.

Retail

My Daily Choice Data Breach Affects Over Personal Info of Over 89K Consumers

On June 5, 2024, My Daily Choice, Inc. (‘MDC”) filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to access information in the company’s possession. In this notice, MDC explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, and payment card information. Click to read entire article.

Canada/ UK

Privacy Authorities in Canada and UK Announce Joint Probe of 23andMe Data Breach

Canadian and British privacy regulators are together probing the global data breach of the genetic testing company 23andMe, authorities in the two countries announced. A breach discovered in October 2023 exposed the genetic data of at least 5 million users of the direct-to-consumer genetic testing company. Click to read entire article.

Samsung UK Customers Caught in Breach

Samsung said no financial data, bank card details, or customer passwords were involved. In an email sent to affected customers, the company said the data may include their name, phone number, address and email address. Click to read entire article.

Asia Pac

Japanese Vid-Sharing Site Niconico Needs Rebuild After Cyberattack

Offline for four days and counting, as are parent company and e-commerce brand. Click to read entire article.