We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
DON’T MISS OUT: NetDiligence’s Cyber Liabilty Conference, October 17-19 in Santa Monica, is rapidly approaching. We have very few seats left. REGISTER NOW to secure your place!
There were 44 reports of data breaches in August, and 233 from January through August, according to the monthly Protenus Breach Barometer. Click to read entire article.
Banner Health recently announced that hackers may have gained “unauthorized access to patient information” and “payment card data” from approximately 3.7 million patients, health plan members, food and beverage customers, and physicians. Click to read entire article.
An insurer that serves Medicaid enrollees in Lancaster County is among organizations affected by a data breach that reportedly could affect up to 3.3 million people. Click to read entire article.
Recent possible healthcare data breaches include cases of accidental online exposure, email error, and unauthorized email access. Click to read entire article.
Portland-based M Holdings Securities Inc., a subsidiary of M Financial Holdings Inc., has informed California’s attorney general of a stolen laptop with client information, including social security numbers. Click to read entire article.
Oregon credit union SELCO Community Credit Union accused Noodles & Company of failing to implement or maintain adequate data security measures for customer information despite highly publicized breaches at large national retailers and restaurant chains, according to court documents filed in a class action lawsuit. Click to read entire article.
Roughly 324,000 payment card details for over 105,000 users were leaked in July 2016 by a hacker going by the name of 0x2Taylor. Click to read entire article.
MICROS POS credit card payment systems operated by software company Oracle has thousands of companies around the world concerned about customer data safety. Oracle’s MICROS is one of the top three POS vendors in the world, and it is estimated to be used at approximately 330,000+ global locations, including over 200,000 food and beverage outlets, 100,000 retail stores and 30,000 hotels. Click to read entire article.
The outdoor clothing and accessories retailer Eddie Bauer is the latest victim of point-of-sale malware to admit that its customers’ card details may have been stolen. Click to read entire article.
– Provision Supply LLC – doing business as EZcontactsUSA.com – will pay a $100,000 penalty and strengthen its data security practices after allegations of a data breach, New York Attorney General Eric T. Schneiderman has announced. Click to read entire article.
The personal information, including social security numbers, of state employees was used to apply for state unemployment claims. That’s according to the Nevada Department of Transportation which notified its employees yesterday of the situation. Click to read entire article.
A computer security breach has been reported at the main courthouse server in Anderson County, officials said this week. It’s a system-wide breach, said Anderson County Law Director Jay Yeager. “The extent, type, and amount of data compromised has not yet been fully determined,” Yeager said. “However, this may include your confidential personal identifying data including Social Security numbers, dates of birth, home addresses, health insurance information and claims, payroll information, bank accounts, routing numbers, Veterans Service Office benefit documents, and possible employee credit union account information.” Click to read entire article.
A computer security breach in Anderson County could have affected about 1,800 full-time and part-time government employees, and the Anderson County Commission has agreed to spend up to $100,000 to fix it. Click to read entire article.
ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts. Usually when there’s a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the service it provided, home addresses, payment histories, and other banking details have also been compromised. Click to read entire article.
The Hutton Hotel is warning customers about a data breech that may have compromised the credit card information of thousands of guests. Click to read entire article.
The University of Alaska Anchorage’s Mat-Su campus has been hit by a data breach, according to a University of Alaska news release Tuesday. Click to read entire article.
Four years after a data breach at cloud storage service Dropbox, details of more than 68 million user accounts have reportedly been leaked. Click to read entire article.
Earlier this year, a senior HR executive at Seagate fell for a phishing scam, which resulted in thousands of employees’ tax information being exposed. The employee was fooled into giving away personally identifiable information (PII) of 10,000 past and current employees and W-2 forms that include their Social Security numbers along with their wage, salary and tax information to the scammers who posed as the CEO Stephen Luczo of the company. Click to read entire article.
EurekAlert — a widely-used web-based news service that serves the world’s science and medical writers — was taken offline Wednesday morning due to a serious security breach. Click to read entire article.
…The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 657 data breaches recorded this year through September 8, 2016, and that nearly 29 million records have been exposed since the beginning of the year. Click to read entire article.
Shortly after the work day began on Feb. 19, 2013, a bizarre email popped up in the inboxes of dozens of NorQuest College senior executives and staff. Click to read entire article.
An Ontario court recently approved a settlement in a class action lawsuit against Home Depot of Canada, Inc. and its corporate parent arising from a data breach in 2014 that affected its payment card system. Click to read entire article.
GBHS says hundreds of patients records were opened without authorization. Click to read entire article.
UK-based IP Telephony service VoIPtalk warned customers of a potential data breach over the weekend. The firm has implemented tighter security controls and advised customers to change their passwords. Click to read entire article.
The data breach at UK accounting software company Sage has brought the insider threat facing businesses into focus and, according to security experts Hypersocket Software, highlights the need for more stringent access control. Click to read entire article.
Hackers have stolen 22 gigabytes of data from municipal servers in Almelo, reports NU.nl. Click to read entire article.
Opera offers a product called Opera sync: a convenient cloud-based service that keeps track of what do in Opera as you go along. … Of course, this leaves more to go wrong in the case of a network intrusion, and unfortunately for Opera sync users, the company announced a breach late last week. Click to read entire article.
A Northern Ireland nursing home has been fined after a data breach relating to sensitive details about patients and staff, connected to the theft of a computer. Click to read entire article.
An investigation panel was formed yesterday by the national telecom regulator to examine the causes of a customer data breach perpetrated by an Advanced Info Service (AIS) employee. Click to read entire article.
Mark Greisiger
NetDiligence®
Cyber Risk Assessment & Data Breach Services