We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines.

---

DON’T MISS OUT:
NetDiligence’s second annual Cyber Risk Summit in Toronto gets underway on Thursday. We have very few seats left, so REGISTER NOW  to secure your place!

---

An unidentified American company was defrauded last year out of nearly $100 million by individuals who created a fake email address in order to pose as one of its legitimate vendors, U.S. authorities said on Thursday. Click to read entire article.

PROFESSIONAL SERVICES

In a rare move, US law firm Cravath, Swaine & Moore has publicly confirmed a ‘limited breach’ of its IT systems in mid-2015. …WSJ reports that federal investigators are currently looking into whether the cybercriminals targeting the law firms may have been seeking to access data from large M&A firms for the purpose of insider trading. Click to read entire article.

A breach of confidential personnel information at WLNE-TV, Channel 6, has led the station to write an apologetic letter to current and former employees and contact the Rhode Island State Police. …The file included names, Social Security numbers, driver’s license numbers, bank account and credit card numbers, employment contracts, evaluations, and separation agreements. Click to read entire article.

U.S. District Court for the Central District of California approved the class settlement which will extend identity protection services for class members through December 2017. In addition, Sony will “establish a $2 million non-reversionary fund to reimburse” class members for preventative measures taken to prevent identity theft related to the cybersecurity attack and $2.5 million to class members who “experience actual” losses from identity theft related to the hack. The settlement also includes $3.49 million in attorney’s fees. Click to read entire article.

PUBLIC ENTITY

A spokesman for Baltimore mayor Stephanie Rawlings-Blake confirms the city and federal authorities are investigating an unauthorized access of employee data. Someone or a group has stolen personal information from an unknown number of Baltimore City employees and filed fraudulent tax returns, the city announced Thursday to all employees. Click to read entire article.

Nearly 30 Lamar County School District employees’ had their personal information compromised after an employee portal experienced a data breach. Click to read entire article.

The Olympia School District plans to offer its 2,164 employees free credit monitoring and identity theft resolution services in wake of a major data breach on Tuesday. An email — configured in a way to look as though it had originated from Olympia Superintendent Dick Cvitanich’s school district account — was sent to an employee requesting a list of employee names, addresses, salary information and Social Security numbers, officials say. A list with that information was released at about noon to the outside entity that had spoofed Cvitanich’s account, Gifford said Click to read entire article.

The Escambia County School System is one of three in the state hit with a recent payroll accounting system security breach that allowed fraudulent tax returns to be filed in employee names. Click to read entire article.

Global software and services company BackOffice Associates is dealing with a data breach that could affect some employees for years to come. The company told employees via email Monday that “tax documentation” – specifically the 2015 W-2s of its United States-based employees – was “inadvertently disclosed to an unknown individual.” Click to read entire article.

In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers were breached by an employee leaving the agency. …The March 18 memo from Lawrence Gross Jr., FDIC’s chief information officer and chief privacy officer, to FDIC Chairman Martin J. Gruenberg said the data were downloaded to a personal storage device “inadvertently and without malicious intent.” Click to read entire article.

CoinWallet.co has announced it is shutting down at the end of April and requested clients to withdraw all coins before the 1st of May 2016. The decision to close was based primarily on the fact that “on the 6th of April we suffered a data breach.” Click to read entire article.

It was found out that unknown cyber criminals hacked the computer systems of Bangladesh Bank, attempting to steal a total of $951 million from its account at the Federal Reserve Bank of New York. Click to read entire article.

Consumers whose debit- or credit-card data may have been stolen got the go-ahead Thursday to sue the restaurant chain that was the target of a security breach. The 7th U.S. Circuit Court of Appeals revived a class-action lawsuit filed against P.F. Chang’s China Bistro Inc. after the restaurant chain’s computer system was hacked. Click to read entire article.

The American College of Cardiology (ACC) notified 1,400 institutions that patient data from the National Cardiovascular Data Registry (NCDR) might have been breached. After discovering the issue in December, the ACC found that four software development vendors who were testing software had access to NCDR patient data, according to the ACC. …More than 2,400 hospitals and more than 2,000 outpatient providers participate in the NCDR. Click to read entire article.

More than 1,000 patients of Florida Department of Health clinics in Palm Beach County may be at risk of identity theft after a breach of medical records, state officials disclosed Monday. Federal investigators determined that patient names, Social Security numbers, phone numbers, dates of birth and medical record numbers were among the sensitive information that was taken, according to the Health Department. Click to read entire article.

Of all the potential data breaches that could lead to headache, heartbreak, identity theft and a data breach lawsuit, perhaps the most damning and potentially embarrassing breach is the unlawful access of medical records. Click to read entire article.

The names and Social Security numbers of Turner Construction Co. employees were inadvertently exposed in a data breach affecting workers across the country. An employee mistakenly forwarded the employees’ information, along with earnings and tax information, to “a fraudulent email address”… Click to read entire article.

Yale’s Internet network came under attack Thursday evening after unknown hackers jammed the YaleSecure network for hours into the night. Click to read entire article.

In a verdict that runs contrary to recent judicial decisions under similar circumstances, a federal appeals court yesterday upheld a ruling that insurance firm Travelers Indemnity Company of America, under the terms of a commercial general liability (CGL) policy, has a duty to defend its client Portal Healthcare Solutions in a lawsuit stemming from an electronic data breach. Click to read entire article.

…There are approximately ten million VIZIO smart TV’s equipped with the company’s VIZIO Internet Apps (VIA or VIA Plus) smart platform, with its tracking algorithm called “Smart Interactivity.” This allows VIZIO to keep track of the users’ viewing habits without their knowledge. VIZIO may share that data with advertisers, sometimes without camouflaging a user’s Internet Protocol (IP) address, and advertisers can then connect those habits to a particular user’s other electronic devices. Click to read entire article.

Tennessee looks to abolish the “encryption safe harbor” law that many data privacy lawyers believe creates unnecessary stress on businesses. Click to read entire article.

As reported by The Telegraph, a compressed file has been posted online by an unnamed group appearing to contain information including names, addresses, parents’ first names, cities of birth, birth dates, and national identifier numbers used by the Turkish government. Click to read entire article.

The National Childbirth Trust (NCT) has suffered a data breach that has exposed the registration details of 15,000 people. Click to read entire article.

The Comelec is downplaying the hacking of its website last Mar. 27. But sensitive personal info on 55 million voters have been exposed. Dumped in public websites, the data include not only names, birth dates and addresses, but also fingerprints, photos and signatures, experts note. Click to read entire article.

RELATED: Bangladesh Bank hackers compromised SWIFT software, warning to be issued. Click to read entire article.

A possible system failure due to hacking of the online banking system on Sunday may have resulted in a large number of customers of State Bank of Mysore losing their money to online fraudsters, bank officials in Bengaluru have ascertained. Click to read entire article.

Regards,
Mark Greisiger

NetDiligence^®
Cyber Risk Assessment & Data Breach Services

Mark.Greisiger@NetDiligence.com
610.525.6383 (office)
www.NetDiligence.com