We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
The number of credit unions suing Wendy’s over its recent data breach has soared in recent weeks, and other members of the industry are also piling into the class action suit against the fast food chain. The case against the burger chain now includes 19 credit unions, three banks, four credit union leagues and CUNA. In July, a Pennsylvania District Court Judge consolidated the suits. Click to read entire article.
Nonprofit hospital system Banner Health began sending out letters to 3.7 million people Wednesday after it said it was the victim of a sophisticated cyberattack of patients’ and customers’ health care and credit card information. The hack originated on computer systems at Banner locations selling food and beverages through credit card transactions, and spread from a breach of cardholder data to include patient and health plan information, Banner said in a statement announcing the attack. Physicians and health care providers were also victims of the breach. Click to read entire article.
After failing to notify patients of a potential data breach in 2013, the University of Mississippi Medical Center announced Friday it will pay the civil rights division of the U.S. Department of Health and Human Services a $2.75 million penalty. …The investigation stemmed from the theft of an intensive care unit laptop that created a potential data breach that could have affected 10,000 patient. Click to read entire article.
Oregon Health & Science University has agreed to pay $2.7 million to resolve U.S. Department of Health and Human Services Office for Civil Rights investigations of two data breaches that affected more than 7,000 patients, the university announced Wednesday. Click to read entire article.
In March, 21st Century Oncology reported that 2.2 million cancer patient records were exposed in a data breach. At least 17 separate class action lawsuits have been filed in Florida and California over this breach. On July 14, a U.S. magistrate judge in Fort Myers recommended the case be consolidated into a single claim and transferred to Florida. Click to read entire article.
According to a press release, Prosthetic and Orthotic Care (P&O Care) learned of a possible breach on July 10, 2016. The Federal Bureau of Investigation (FBI) began an investigation and found a hacker obtained patient medical records due to a previously unknown flaw in software purchased by the office. Medical records included names, contact information, P&O Care patient identification numbers, diagnostic codes, appointment dates and last billing amounts. Some records also contained Social Security numbers, birthdates, medical insurance companies, identification information and photos of procedures. Click to read entire article.
A Laurel clinic has issued a warning to a small group of their patients after a recent data breach of their systems. Click to read entire article.
Attorney Advertising. Keller Rohrback L.L.P. is investigating recent reports of a large data breach of patient information from the Georgia-based Athens Orthopedic Clinic (“AOC”). Reports indicate that approximately 397,000 current and former patients may have had their information exposed, and that 500 patient records appeared for sale on the black market by a group of web hackers who call themselves the “Dark Overlords”. Click to read entire article.
StarCare Specialty Health System announced on Monday a breach of patient information stemming from a burglary earlier this year. People broke in to the StarCare/StarQuest office at 3315 East Broadway on May 30 and stole five laptops, according to a statement from StarCare. Click to read entire article.
Ponemon reported that “over the past two years the average cost of a data breach for healthcare organizations is estimated to be more than $2.2 million. No healthcare organization, regardless of size, is immune from data breach.” The “Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data” study included this alarming information about healthcare’s ability to properly protect ePHI (electronic Protect Health Information) and included data from 91 Covered Entities and 84 Business Associates… Click to read entire article.
The defendant is Sprouts Farmers Market Inc., an enterprise based in Phoenix, Arizona, with 224 stores across the country. The allegation is that W-2 Wage and Tax forms belonging to any employee having worked for Sprouts in 2015 may have been compromised. Click to read entire article.
Malware was found on the devices used to run bank and credit cards at restaurants. Cici’s is investigating data breaches at more than 100 restaurants across the country, starting in March 2015, with most of the breaches beginning March of 2016. Click to read entire article.
Labels behind Radiohead, Vampire Weekend, the xx, more, say credit card information may have been stolen from online stores. Click to read entire article.
Kimpton Hotels, a boutique hotel brand that includes 62 properties across the United States, said yesterday it is investigating reports of a credit card breach at multiple locations. Security Experts commented below. Click to read entire article.
Omni’s Austin hotels were affected by a recently discovered data breach, the Dallas-based chain said Wednesday. Click to read entire article.
The publisher of Rolling Stone magazine is running afoul of Michigan’s Video Rental Privacy Act by selling its customers’ names, subscription history and other personal information to “anyone willing to buy” the data, according to a putative class action recently filed in federal court. Click to read entire article.
Disney announced on Friday via a statement on its website that it shut down the Playdom Forums after it had detected a data breach at the start of the month. Click to read entire article.
Two prominent gaming companies have announced this week that they suffered data breaches at the hands of unknown hackers. Click to read entire article.
The job review and recruiting website Glassdoor exposed the identities of 600,000 anonymous users and opened them up to retaliation by “carelessly” revealing their email addresses in a recent blast to members, according to a putative class action filed in California federal court Monday. Click to read entire article.
A research sponsored by IBM Security that analyzed the financial impact of data breaches to a company’s bottomline found that the average cost of such incidents has grown by a whopping 29 per cent since 2013 to about USD 4 million in 2016. Click to read entire article.
Yahoo is investigating claims the hacker linked to “mega-breaches” at MySpace and LinkedIn has posted details of 200 million Yahoo accounts to a marketplace on the dark web. Usernames, passwords and dates of birth are being offered for sale for three bitcoins (£1,360). Click to read entire article.
Saskatchewan Government Insurance (SGI) has notified customers of a privacy breach by an employee at an independent motor license issuing office in Vonda, Sask. Click to read entire article.
Personal data for 10,000 public servants was mistakenly emailed to an outside contractor IBM calling into question the just how well the federal government is protecting the privacy of its employees. (CBC) Click to read entire article.
HACKING group OurMine claim they took down US and UK HSBC servers following a spate of cyber attacks on major tech firm bosses. Click to read entire article.
Netia SA., a Polish telecom operator, has just suffered a massive data breach. During an attack, hackers gained access to 14 gigabytes of customer data, and kept the website down for a good portion of the day. Now, Netia is in recovery mode. Click to read entire article.
Canonical, the company behind the popular open-source operating system Ubuntu, has told users of its forums that personal details may have been exposed in a recent data breach. Click to read entire article.
Nearly $70 million worth of the virtual currency bitcoin was stolen Tuesday from Hong Kong bitcoin exchange Bitfinex, leading the exchange to halt all trading and shut down its website. Click to read entire article.
Interpark, Korea’s leading online shopping site, now faces potential lawsuits after it revealed on Monday that the personal data of more than 10 million members had been leaked. Click to read entire article.
Two Vietnamese commercial banks have taken measures to protect customers who have used their cards in transactions with Vietnam Airlines, in the wake of a breach concerning more than 400,000 membership credentials of the national flag carrier. Click to read entire article.
The Monetary Authority of Singapore (MAS) is investigating a case involving UOB, which had its clients’ unshredded documents found in a trashbag under a tree at Boat Quay, and said that it will take action against banks that do not safeguard the confidentiality of customer information. Click to read entire article.
The bureau is facing criticism from privacy and civil liberties groups over changes to the 2016 census, which involve the retention of people’s names and addresses. Click to read entire article.
Cyber Risk Assessment & Data Breach Services