We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Exposures include business interruption (first-party exposure) and legal liability (lawsuits), as well as crisis costs to investigate the breach, notify the victims, and defend against class action lawsuits, regulatory actions and fines. Also, don’t miss the items below in ORANGE.
The Tether Treasury wallet has been hacked, leading to the loss of $31 million in USDT, a crypto-token which pegs its value to the US dollar through an inflationary monetary policy. Click to read entire article.
A collective “I told you so!” could be heard last week from the many bankers who have steered clear of cryptocurrency wallets. A programmer messing around in the code of the digital currency wallet provider Parity Technologies killed a smart contract and vaporized between $150 million and $350 million of the digital currency Ether. The owners of the funds, many of them small businesses, are still waiting to find out if they’ll ever get their money back. Click to read entire article.
In a quarterly report, Merck quantified the impact of the cyber attack in their annual revenue report. The financial impact was estimated at around US$135 million and $174 million in additional costs since June. The reason for the lost revenue can be traced back to NotPetya’s disruption of operations that forced a halt on drug production. Click to read entire article.
“Uber knew or should have known its security systems were inadequate.” The cases allege substantial negligence on Uber’s part: plaintiffs say the company failed to keep safe the data of the affected 50 million customers and 7 million drivers. Uber reportedly paid $100,000 to delete the stolen data and keep news of the breach quiet. Click to read entire article.
The UEA has suffered another data breach; an email was sent to about 300 students in the social science faculty which included the personal health information of a member of staff, in a repeat use of a flaw not fixed previously. Click to read entire article.
The Medical College of Wisconsin has notified thousands of patients their confidential information may have been compromised. The information includes addresses, bank accounts and Social Security numbers. Click to read entire article.
The federal government is investigating a security lapse that exposed the personal information of more than 700 patients at Cook County Health and Hospitals System this year. Click to read entire article.
A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the Department of Health and Human Services’ Office for Civil Rights in September 2017. Click to read entire article.
A data breach led to the inappropriate access of at least 1,200 Williamsport, Pa.-based UPMC Susquehanna patients’ information, the hospital said in a statement Friday. Click to read entire article.
A group of security researchers from private industry, universities, and the Department of Homeland Security (DHS) were able to successfully hack a Boeing 757 remotely in a non-laboratory setting. Click to read entire article.
Known as BlueBorne, the hack was first made public in September, after security firm Armis, which discovered the Bluetooth-based hack, had alerted Apple, Microsoft, Google and other manufacturers about their findings. Devices were quickly patched after it was claimed some five billion products using Bluetooth were at risk. Click to read entire article.
The clothing store Forever 21 says customers who shopped at certain locations this year may have had their credit-card information stolen. Click to read entire article.
Utah Food Bank’s breach might have exposed the financial records of more than 10,000 donors. Sophisticated, high-profile hacks make the headlines, but for most nonprofits, it’s the small stuff that leads to lost or stolen data. If you’re writing or reviewing acceptable use or data security policies, there are five things you absolutely need to do. Click to read entire article.
The Sacramento Regional Transit (SacRT) public transportation agency was forced to shut down its website due to a security breach that took place on Saturday, November 18. The shutdown happened after an unknown hacker had breached its server and defaced the agency’s portal. Click to read entire article.
Holly Springs leaders said they have taken steps to secure residents’ personal information after the city experienced a data breach earlier this year, although one resident says it’s not enough. Residents received a letter this week from city officials alerting homeowners they recently identified and addressed “a security incident that may have involved (their) personal information.” Click to read entire article.
A lawsuit filed Thursday seeks to recover data and damages from Portland internet service provider Spirit One, whose email service has been largely inaccessible to customers since September 29. Click to read entire article.
The U.S. District Court for the Middle District of Florida, in Innovak International v. The Hanover Insurance Co., recently granted summary judgment in favor of Hanover Insurance Company, finding that it had no duty to defend Innovak against a data breach lawsuit. Click to read entire article.
A California children’s hospital sued Illinois Union Insurance Co. for coverage of an underlying suit brought after the hospital mistakenly sent a document containing the protected information of more than 20,000 “young patients” to job applicants, according to a notice removing the suit to California federal court Friday. Click to read entire article.
Section 5 of the Federal Trade Commission Act provides a powerful tool for the federal government to regulate companies’ data-security practices. Rather than adopt specific data-security standards, the FTC often uses Section 5’s flexible and open-ended concepts of unfairness and deception to bring enforcement actions against companies for data-security failures. Click to read entire article.
The U.S. Supreme Court may decide whether you can act on that “Dear valued customer, we regret to inform you that your data may have been compromised …” letter or e-mail with an individual or class action lawsuit. Click to read entire article.
Canadian small and medium-sized businesses are being targeted with spear phishing attacks from a gang trying to get employees to reveal corporate banking passwords and two-factor authentications, IBM researchers said today. Click to read entire article.
An 18-year-old McMaster student is facing charges after a password-protected database containing student admission offer letters was breached at the university. Click to read entire article.
The bank’s actions are leaving account holders vulnerable, with many fearing their cards and PINs could easily fall into the wrong hands. Click to read entire article.
UK pawnbroker Cash Converters believes customer data may be in the hands of a malicious third party after a suspected breach of its old website. Click to read entire article.
Google may be subject to criminal and legal action after the media giant admitted that it is tracking people’s phones around the world even when they turn off location services and remove their SIM card. Click to read entire article.
The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached. Click to read entire article.
The Australian Broadcasting Corporation is the latest organisation to fall prey to misconfigured Amazon S3 storage buckets, exposing database backups and sensitive data such as login credentials. Click to read entire article.
Cyber Risk Readiness & Response