We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers Targeting COVID-19 Vaccine Supply Chain, Top 8 Ransomware Attacks of 2020 That Shook The Internet, AspenPointe Breach Compromises Personal and Healthcare Data of 295,617 Patients, and more.
Ransomware Corner
Hackers Exploit Chopper Maker Kopter’s Data on Dark Web, Leaking Internal Projects and Docs LockBit hackers allegedly breached Kopter’s database.
The cyber attackers leaked the company’s important files on the Dark Web after they infiltrated its internal network and encrypted the company’s files. Click to read entire article
Top 8 Ransomware Attacks of 2020 That Shook The Internet
Cognizant, Magellan, CPI, CSF, Baltimore Schools, Carnival, Canon. Click to read entire article
Cryptocurrency (DDoS BI)
Crypto exchange Poloniex faces outage due to DDoS attack
Global crypto exchange Poloniex experienced an outage earlier today, and the exchange noted that their services were unavailable due to an ‘unexpected issue’, the issue was later identified to have been caused due to a Distributed Denial-of-Service (DDoS) attack. Click to read entire article
Community Banking
River City Bank warns customers of data breach
River City Bank is warning some of its clients that it suspects a data breach of private customer information. Click to read entire article
Healthcare
(Settlement Alert!) Kalispell Regional agrees to $4.2M fund for security breach
Kalispell Regional Healthcare has agreed to establish a $4.2 million settlement fund to provide relief for individuals who allege they were impacted by a data breach of the hospital’s internal systems that was announced in October 2019. Click to read entire article
Allegheny Health Network’s donor and fundraising records hacked
Allegheny Health Network disclosed Friday that its fundraising records and donor database had been hacked as part of a ransomware attack at its technology vendor, Blackbaud. Click to read entire article
Imperium Health Patient Sensitive Data Leaked In Phishing Incident
Imperium Health Management, LLC has published a notice highlighting a recent incident that may have exposed patients’ sensitive data treated by the medical practitioners whom Imperium services. Click to read entire article
AspenPointe breach compromises personal and healthcare data of 295,617 patients
Nonprofit U.S. healthcare provider AspenPointe has said it suffered a major data breach in September that resulted in the loss of the personal and medical information of 295,617 patients. Click to read entire article
LSU Medical Center email breach potentially exposes data on thousands of patients Click to read entire article
Retail
Panera Hit With Ill. Biometric Privacy Lawsuit – Law360
Panera LLC broke Illinois’ landmark biometric privacy law when it required employees to scan their fingerprints. Click to read entire article
Connecticut Leads $17.5M Settlement Over Home Depot Data Breach
Attorney General William Tong today announced that Connecticut, along with the attorneys general of 45 other states and the District of Columbia, has obtained a $17.5 million settlement against Georgia-based retailer The Home Depot, resolving a multistate investigation into the 2014 data breach which exposed the payment card information of approximately 40 million Home Depot customers nationwide. Click to read entire article
Public Entity
County auditor employee sends $600,000 in taxpayer funds to scammers
An employee in the Lucas County Auditor’s Office fell victim to an email scam, sending more than $600,000 in public funds to what the employee thought was a construction contractor. Click to read entire article
Pharmaceutical
Hackers Targeting COVID-19 Vaccine Supply Chain Via Phishing Campaigns
DHS CISA highlighted a new IBM X-Force report showing cybercriminals are targeting the COVID-19 vaccine supply chain with phishing and spear-phishing attacks. Click to read entire article
Breach Regulatory Updates
First Classwide Settlement Involving CCPA Statutory Damages Provides Little Guidance Moving Forward
Three of the first consumer class actions alleging CCPA violations for a failure to implement and maintain reasonable security procedures and practices were filed in February and March of last year against Hanna Andersson and Salesforce.com. Click to read entire article
Canada
Metro Vancouver’s transit system hit by ransomware attack Click to read entire article
(Class Action Lawsuit Alert!) Dell Hit With Class-Action Lawsuit After Data Breach Led To Scam Calls
PC maker Dell has been hit with a proposed class-action lawsuit after exposing the personal information of thousands of Canadians in a 2017 data breach. Click to read entire article
EU/ UK
Royal Dutch Cycling Union refuses to pay ransom following data breach Click to read entire article
Africa
Bank Employee Sells Personal Data of 200,000 Clients
South Africa–based financial services group Absa has stated that one of its employees sold the personal information of 200,000 clients to third parties. Click to read entire article
Middle East
Shirbit hackers release more data as company refuses to pay ransom Click to read entire article
Asia Pacific
Lessons from BigBasket security breach Click to read entire article
New Zealand’s Refreshed Privacy Act Takes Effect
Includes new breach notification requirements, fines and greater regulatory powers.