We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. These exposures include business interruption, legal liability (such as class action lawsuits), as well as crisis costs to investigate the breach, notify the victims and defend/settle lawsuits, including AG regulatory enforcement actions and fines. Also, don’t miss the items below in ORANGE.
A packed two-track, full-day agenda with Regulatory and Litigation Updates, Security Solutions and all things Cyber Coverage! New this year, a designated track just for Risk Managers. Our conference will be held once again at the beautiful Ritz-Carlton in Toronto. LEARN MORE.
Privacy incidents at government departments, equipment suppliers and other healthcare organizations captured public attention last month. …Here are 11 incidents, as reported to HHS’ Office for Civil Rights breach portal or covered by Becker’s Hospital Review. The incidents are presented in order of number of patients affected. Click to read entire article.
Peachtree Neurological Clinic discovered a 15-month breach in the process of investigating a recent ransomware incident, the Atlanta-based provider announced this week. While PNC officials did not disclose when the most recent ransomware attack occurred, its electronic health record system was encrypted by the virus. Instead of paying the ransomware, officials were able to restore the files and functionality from backup records.. Click to read entire article.
The technology company at the center of an ongoing Medicaid payment fiasco in Colorado now says a system glitch might have inadvertently shared the private health information of 822 people. Click to read entire article.
The Detroit Medical Center says a breach of health information affects more than 1,500 patients seen at one of its facilities in 2015 and 2016. The health system announced Thursday that a staffing agency contracted by the DMC notified hospital officials that one of the agency’s employees provided the information to unauthorized people who weren’t affiliated with the DMC organization. Click to read entire article.
Recent possible healthcare data breaches include an email phishing attack, a ransomware attack, and an instance of PHI exposure lasting two years. Click to read entire article.
Recent potential health data breaches include an instance of misplaced documents, a ransomware attack, and an online error resulting in document delivery to the wrong medical facility. Click to read entire article.
A global cyber attack has hit chocolate company Cadbury’s factory in Claremont, Tasmania. It’s the first place in Australia known to be affected by the ransomware attack which has hit companies including Mondelez International, the owner of the Cadbury factory. The Australian Manufacturing Workers’ Union’s Tasmanian secretary John Short says production stopped about 9.30pm on Tuesday after computers stopped working at the factory. Click to read entire article.
The hack took only a few minutes but allowed the criminal to escape with millions in investor funds. Click to read entire article.
The financial firm says the personal information of more than two million customers has been exposed because of the breach, including subscribers to the Wall Street Journal. Click to read entire article.
Millions of Verizon customers have had their records exposed, ZDNet reported earlier today. Verizon confirmed that 6 million records were compromised by Nice Systems, a Verizon partner that facilitates customer service calls. The records, which held logs from residential customers who had called Verizon customer service in the past six months, were accessed via an unprotected Amazon S3 storage server controlled by an employee of Nice Systems. Click to read entire article.
The complaint alleges that Brooks Brothers violated California constitutional laws and California unfair competition laws; breached implied contracts, and acted negligently, when the company failed to safeguard and protect its customers’ information from threat of being lost, stolen, misused, and/or disclosed to unauthorized parties. Click to read entire article.
Avanti Markets, which provides food kiosks often found in company breakrooms, fell victim to a data breach that may have impacted up to 1.6 million people. The Tukwila, Washington-based company said the incident affected employees’ payment card information, email addresses and possibly their saved biometric authentication data. Click to read entire article.
BYU had yet to release the cause of Y-Expense’s shutdown as of Monday, July 3, and the university did not issue a timetable for it coming back online. The Y-Expense reporting system has been inaccessible since June 20. Those attempting to access the system continue to be met with a message that reports Y-Expense is temporarily down for maintenance. Click to read entire article.
Letters from Washington State University (WSU) have begun to arrive in the mail boxes of approximately 1 million individuals whose personal identifiable information was compromised when a safe which contained a backup hard drive was stolen. Click to read entire article.
Los Angeles subsidiary of the California Assn. of Realtors has suffered a data breach that may have exposed the personal information of up to 1,033 individuals who made purchases through its website. Click to read entire article.
Most people know about phishing — but one casino recently learned about the dangers of actual fish tanks. Hackers attempted to steal data from a North American casino through a fish tank connected to the internet, according to a report from security firm Darktrace. Click to read entire article.
Hackers tried to breach Pennsylvania government computers over 90 billion times in 2016, a state official said Tuesday, highlighting the scope of the cybersecurity risks at hand across the country as concerns linger surrounding hacking’s role in last year’s U.S. election. Click to read entire article.
The Victoria school district was one of many districts affected by a data breach through the Texas Association of School Boards. The association learned recently that personal information of employees became inadvertently visible to the public on the internet, according to a June 21 news release. Click to read entire article.
The Clearfield County Children and Youth Family Services office is notifying residents about a security breach. In a notice dated on June 30, the county run agency told residents that links to a small number of files were shown online in March and April. The data breach included dates of birth and social security numbers. Click to read entire article.
The FBI is warning of a government computer data breach that involves more than 200,000 records containing confidential personal information of residents in the Wooster, Ashland, and Orrville areas. Click to read entire article.
Experts say that the settlement, announced for $11.2 million earlier this month, made sense for all parties involved. Click to read entire article.
According to Ponemon’s “2017 Cost of Data Breach Study,” the average total organizational cost across all segments, not just education, is $7.35 million, up almost five percent over last year’s $7 million. Click to read entire article.
Canadian class action lawsuits over the Walmart Canada Photo Centre data breach were settled in May 2017. The lawsuits and settlement provide useful lessons for Canadian organizations that collect and process sensitive customer information. Click to read entire article.
VIRGIN Media is advising more than 800,000 customers with a specific router to change their password immediately after an investigation found hackers could gain access to it. Click to read entire article.
More than 100,000 AA customers are understood to be affected by a serious data breach involving the motoring company’s online shop. Click to read entire article.
Insider with a login, rather than an outsider with a hack, seems culprit for darkweb privacy panic. Click to read entire article.
A data breach at Victoria’s major tax collection agency has led to 4400 overdue notices being sent to the wrong people. Click to read entire article.
The ministry of shipping said National Cyber Security Coordinator Gulshan Rai was rushed to Mumbai to assist the company. Click to read entire article.
The Department of Telecom will soon seek details of alleged subscriber data breach of Reliance Jio, a top official said today. “They (company) have not come to us but we will seek details from them,” Telecom Secretary Arun Sundararajan said. Click to read entire article.
The Reserve Bank of India on Thursday said bank customers who are victims of fraudulent or unauthorised electronic transactions will not bear any loss if the transaction is due to a fault in the bank’s security system, or a third-party breach. Click to read entire article.
Mark Greisiger
NetDiligence®
Cyber Risk Readiness & Response