We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
Florida’s Memorial Healthcare Systems has agreed to pay $5.5 million to the federal government to settle allegations that it didn’t properly protect patient data in a record-tying Health Insurance Portability and Accountability Act deal, the feds announced Thursday. Click to read entire article.
Children’s Health has paid an almost $3.2 million federal penalty after a multiyear investigation into patient data privacy breaches. Click to read entire article.
An Oregon federal judge has found Premera Blue Cross can’t escape revised consumer and employee allegations of fraud in multidistrict litigation stemming from a 2015 data breach affecting 11 million people. Click to read entire article.
About 200 patients of the UNC School of Dentistry have been notified that their personal information might be in the hands of a thief, according to school officials. Click to read entire article.
In a statement released by the hospital, the breach was discovered Friday morning. The breach showed that there has been unauthorized access to the employee information database, called eConnect/Peoplesoft. Medical center officials learned about the breach this week and told employees as quickly as possible. The database contains the names, social security numbers, and W-2 forms of current and former employees. The database does not contain patient information. Click to read entire article.
Flint, Michigan-based Singn and Arora Oncology Hematology is notifying 22,000 patients that some of their information may have been accessed in a cybersecurity breach. Click to read entire article.
Last month, a Tennessee Federal court ordered Mapco Express, Inc. (“Mapco”) to pay approximately $1.9 million to settle class action claims arising from a 2013 data breach of its retail computer systems. The lawsuit was brought in 2014 by Winsouth Credit Union and First National Community bank and alleged that Mapco failed to adequately protect consumer financial information at its retail locations. Click to read entire article.
On January 26, New York Attorney General Eric Schneiderman announced a settlement with Acer Service Corporation over an alleged data breach involving more than 35,000 credit card numbers, including the credit card information and other personal information of 2,250 New York residents. As part of the settlement, Acer agreed to pay $115,000 in penalties and to improve its data security practices. The penalty amounts to approximately $50.12 per New York resident potentially affected. Click to read entire article.
A point-of-sale malware attack on corporate-owned Arby’s restaurants added an estimated 350,000 compromised records to the total number of records exposed so far in 2017. Arby’s owns about 1,000 of its more than 3,300 U.S. stores. Not all the company-owned stores and none of the franchised stores were affected, according to the company. Click to read entire article.
Columbia Sportswear’s prAna brand has become the industry’s latest cyber-breach victim. When the lifestyle brand’s e-commerce site was targeted last week, the incident lead Columbia to “immediately launch an investigation and engage a leading third-party cyber security firm to assist us,” Columbia’s CEO Timothy Boyle said. Click to read entire article.
An online security breach at a national printing chain leaked thousands of sensitive documents — from labor filings involving NFL players to lawsuits against Hollywood studios to personal immigration-related papers — raising the possibility that private information could end up in the wrong hands. Click to read entire article.
A data breach of two popular gaming forums has exposed the account details of 2.5 million users, potentially opening up their other online accounts to attack by hackers. Click to read entire article.
InterContinental Hotels Group Plc on Friday confirmed a data breach from payment cards used at 12 of its hotels in the United States, a little over a month after it said it was investigating claims of a possible breach. A malware in the servers searched for track data – the cardholder’s name, card number, expiration date and the verification code – on the cards used at the hotels between August and December last year, the company said in a press statement. Click to read entire article.
The Texas Department of Transportation says some personal information of employees was compromised last week due to a “security incident.” Click to read entire article.
Authorities say as many as 7,700 Manatee County school employees are at risk of being victims of a data breach. Click to read entire article.
Mercer County Schools employees will received identity theft protection for a year after a security breach targeting their W-2 forms information was reported to the FBI and the West Virginia Attorney General’s Office. Click to read entire article.
Computer hackers broke into the computer network for the San Antonio Symphony this week, stealing the names, birth dates, Social Security numbers, addresses and W-2 tax forms for about 250 employees, the organization confirmed Tuesday. Click to read entire article.
In an order filed Thursday, February 9, 2017 in the Northern District of California, U.S. District Judge Lucy H. Koh appointed John A. Yanchunis of Morgan & Morgan and ClassAction.com to serve as Lead Plaintiffs’ Counsel and Chair of the Plaintiffs’ Executive Committee. Click to read entire article.
A small-business owner who used Yahoo Inc. services to run his websites and advertise online launched a proposed class action against the internet giant on Wednesday for breaching its contract and negligently allowing hackers to make off with a billion users’ data in two breaches disclosed last year. Click to read entire article.
Keller Grover LLP is investigating recent reports that Sunrun Inc. may have suffered a data breach involving its employees’ highly confidential personal information, including name, address, Social Security number and 2016 compensation. Click to read entire article.
Van’s Honda in Ashwaubenon says its customers are receiving letters to say their personal information might have leaked online through a third-party company. The issue came to light last November for more than 100 auto dealers across the country using DealerBuilt, a software company based in Iowa which provides data backup for dealerships. Click to read entire article.
One in four U.S. consumers (26 percent) have had their personal medical information stolen from technology systems, according to results of a survey from Accenture (ACN) released today at HIMSS2017 in Orlando. Click to read entire article.
Capgemini released a new report which stated that only one in five (19%) UK financial service organisations are highly confident they can detect a data breach (21% globally). Click to read entire article.
Polling 3,000 chief security officers worldwide, Cisco’s 10th annual cybersecurity report found that 50% of breached companies faced public scrutiny after a breach. Operations and finance systems were the most affected, though the cost of a data breach was not isolated to financial loss. 22% of breached organisations in 2016 lost customers, with 40% of companies seeing 20% of their customer base abandon them in the wake of a security incident. 23% of breached organisations lost business opportunities, with 42% losing more than 20%. Click to read entire article.
…roughly 7,500 people whose personal information, including names, birth dates, health numbers and genders, has been accessed using the province’s PharmaNet system. Click to read entire article.
Danish telecoms company 3 said on Monday one or more hackers had stolen data from around 3,600 of its customers and attempted to get the company, owned by CK Hutchison Holdings Ltd and Investor AB, to pay “millions” to not publish it. Click to read entire article.
Internal documents have revealed some of the 113 instances that were recorded, including an X-ray report being discovered by staff in an Irish Penneys store. Click to read entire article.
Sports Direct has left its 30,000-strong workforce in the dark over a data breach in the autumn when a hacker accessed internal systems containing staffers’ personal information. Click to read entire article.
The Australian law will come into effect some time in the next 12 months, requiring breaches that cause “serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation and other forms of serious harm” to be reported to Australia’s Privacy Commissioner within 30 days of the breach. Click to read entire article.
In the investigation of the breach of 32 lakh debit cards last year, Hitachi Payment Services today said it suffered a breach due to a sophisticated malware attack. Click to read entire article.
Cyber Risk Assessment & Data Breach Services