We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines.

VerticalScope has experienced a major data breach, with cybercriminals making off with over 45 million records belonging to over 1,100 websites, it has been reported. LeakedSource, which provides detailed information on data breaches, said that some of the websites impacted by this include Techsupportforum.com, MobileCampsites.com, Pbnation.com and Motorcycle.com. Click to read entire article.

A group of hackers going by the handle of TeamGhostShell has leaked more than 36 million accounts/records of internal data from several vulnerable networks in order to raise awareness about the poor security infrastructure implemented on MongoDB databases by their owners. Click to read entire article.

At least 10 million Android devices have been infected by malware called HummingBad, according to cybersecurity software maker Check Point. Click to read entire article.

The US Federal Reserve was breached 50+ times between 2011 and 2015, including several instances of espionage likely carried out by nation-state hackers. Click to read entire article.

City employees in Chicago had an unpleasant surprise earlier this month. Scammers got access to some retirement accounts and took fraudulent loans worth $2.6 million, reports said. Initial reports said it was a hack in which the bad guys used the personal information of employees to set up online profiles with the city’s deferred compensation plan. Click to read entire article.

A hacker that claimed to have stolen databases from three U.S. healthcare organizations and has advertised more than 650,000 patient records as up for sale on Dark Net, increased that number today to a staggering 9.3 million. …the hacker is requesting an additional 750 Bitcoins, valued at nearly $500,000, for the fourth database with patient information including names, addresses, phone and social security numbers. Click to read entire article.

A network of California cancer centers is facing a $57 million lawsuit from a putative class of patients alleging the health care provider is responsible for carelessly handling their private information after a data breach. Click to read entire article.

Dignity Health, which owns Mercy Medical, announced today that information from 520 patients was inappropriately accessed. The incident involved its business partner Navi-Health, which assists mercy with patient support after leaving the hospital. Click to read entire article.

• Univ New Mexico (2800)
• ProMedica (3,472)
• Stamford (Conn.) Podiatry Group (40,000)
• Carondelet St. Mary’s and Carondelet St. Joseph’s emergency rooms (1000)
• Southeast Eye Institute (87000)
• A chiropractic clinic in Ann Arbor, Mich (4000)
• KansasHeartHospital (ransomware attack)
• California Correctional Health Care Services (loss laptop)
• Greenway Health (1000)
• UnityPoint Health – AllenHospital (1620)

Click to read entire article.

The Hard Rock Hotel & Casino in Las Vegas said Monday that customer payment—card data was accessed after malware was placed on the resort’s payment-card system, becoming the latest hotel to report such a breach. Click to read entire article.

Cowboys Casino is investigating a possible data breach after its computer system was the target of a cyber-attack.. Click to read entire article.

Two senior employees with the State of Alabama Department of Finance have been disciplined by Governor Robert Bentley, with one being fired. Click to read entire article.

A recent cyberattack on the Minnesota Judicial Branch’s website underscored a growing threat that state officials warn will become more difficult to combat without additional resources. …Last week’s attack on the judicial website is known as a “distributed denial-of-service” (DDOS) attack, which overwhelms a website with network traffic, effectively blocking out legitimate users. It was the second such attack since late 2015, and similar to other attacks on government computers around the globe. Click to read entire article.

Annapolis officials have received reports of people noticing fraudulent activity on their credit and debit cards after the city on Tuesday announced a potential data breach for people using those cards at city garages. Click to read entire article.

Want access to a government server? An online black market is selling access to thousands of hacked servers for as little as US$6. Click to read entire article.

The Wendy’s data breach may be much bigger than originally thought, according to reports. …That breach was thought to have affected 300 franchisee-owned Wendy’s restaurants in the United States and Canada (company-owned stores were not affected by the breach). But based on the number of fraud complaints linked to Wendy’s, experts say the breach could be much bigger than originally announced. In fact, some experts warn the breach could be bigger than the Home Depot or Target breaches, both of which affected more than 40 million people. Click to read entire article.

Veridian Credit Union recently filed a class action lawsuit against Wendy’s in response to a credit card breach that hit the fast food vendor’s point of sale (POS) systems starting in the fall of 2015, Law360 reports. Click to read entire article.

A payment card issuer that’s suing Wendy’s for costs associated with a data breach that began in October argues that the fast food chain’s tardiness in transitioning to new payment technology makes it liable. Click to read entire article.

If you are an Acer customer or ever attended one of their events and used your credit or debit cards for online shopping you have something to worry about as Acer has revealed that its servers were breached and as a result hackers got access to 34,000 customer data. Click to read entire article.

Visa and MasterCard are using security measures prone to fraud, putting retailers and customers at risk of thieves, The Home Depot says in a new federal antitrust lawsuit. Click to read entire article.

Brief: Greenwich university has suffered a massive data breach in what looks like a revenge hack – The unknown hacker stole entire database and leaked it on the Dark Web! Click to read entire article.

The BitTorrent Client uTorrent, established by Ludvig Strigeus and later acquired by BitTorrent Inc., has issued a warning to its users regarding a security breach of their forum which allowed hackers to steal user information and password hashes of the site. Click to read entire article.

Social networking site VK.com is the latest victim in a string of targeted data breaches that have hit a host of other social media outlets such as LinkedIn, Tumblr and Myspace. Click to read entire article.

Social networks MySpace and Tumblr faced a major data breach. BBC recently reported that a total of 65,469,298 Tumblr accounts and over 360 million MySpace account details are offered for sale online. Click to read entire article.

Verizon’s 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies’ top data security threats. Click to read entire article.

A vast majority of consumers said they would not buy another vehicle from a dealership after their data had been compromised, according to a recent survey given to both dealers and buyers. Click to read entire article.

The average cost of a data breach is $4 million, up 29 percent since 2013, according to Ponemon Institute and IBM data. Click to read entire article.

The American Bankers Association – through its Corporation for American Banking subsidiary – announced today that it has endorsed Rippleshot’s automated card compromise detection platform. The tool, Rippleshot Sonar, is a cloud-based technology solution that uses machine learning and data analytics to identify fraud more quickly and efficiently. Reviewing millions of transactions, Rippleshot Sonar can pinpoint when and where a breach occurred. Click to read entire article.

Empire Life is responding to a data breach that may have affected a number of its customers. Late last year, the insurer was the the victim of an email phishing incident in which an unauthorized source gained temporary access to ten internal employee email accounts. In phishing, a third party impersonates a trustworthy individual or organization and tricks people into supplying personal information such as usernames and passwords. Click to read entire article.

The University of Calgary paid a $20,000 ransom in untraceable Bitcoins to shadowy hackers after a devastating malware attack. Click to read entire article.

Following the news that Japan’s largest travel agency JTB Corp having 7.93 million passport details, home and email addresses stolen by hackers, Guy Bunker, Senior Vice President at Clearswift commented below. Click to read entire article.

Middle Eastern companies, including financial institutions, have experienced more than $1.4 million in financial losses due to security breaches. This is according to data from Gemalto, which surveyed 1,100 IT decision makers worldwide. In the study, 94% of Middle East companies said that their perimeter security systems like firewalls and anti-virus were effective defence. Click to read entire article.