We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Exposures include business interruption (first-party exposure) and legal liability (lawsuits), as well as crisis costs to investigate the breach, notify the victims, and defend against class action lawsuits, regulatory actions and fines.
Please join MedPower and NetDiligence® for an hour you can’t afford to miss. Anahi Santiago, chief information security officer at Christiana Care Health System, will guide you through the steps necessary to safeguard your organization from what hackers have in store for 2018. Vinny Sakore, chief technology officer at NetDiligence, will discuss the importance of data breach planning and how it can help you minimize the negative effects of a breach on your organization.
Featuring a designated Risk Management Track, Regulatory and Litigation Updates, What’s New in Cyber Coverage, Security Solutions, and more!
… the consumer data industry is now grappling with after a discovery that Irvine marketing and analytics company Alteryx Inc. accidentally made public a file that contained the personal information of 123 million American households. (The U.S. has 126 million households in all, according to the Census Bureau.) The database contained information across 248 categories, including addresses, phone numbers, mortgage ownership, age, ethnicity and personal interests such as whether a person is a dog or cat enthusiast. The data did not include people’s names, Social Security numbers, credit card information or passwords.
Auto giant Nissan confirmed that its Canadian branch has been hit by hackers. Although the details of the breach are still murky, Nissan says that the hack may have impacted all of its current and past customers – around 1.13 million people.
Only 28% of retailers said they have a fully tested plan in place in the event of a security breach. Meanwhile, 21% said their organization doesn’t have a plan at all, or the means to notify customers of a data breach within 72 hours (21%) — a requirement specified by the General Data Protection Regulation (GDPR), according to a new study from Tripwire.
New Hampshire-based Multi-State Billing Services (MSB) must pay $100,000 and improve its security practices per a consent judgment from the Massachusetts attorney general’s office. The settlement stems from a Medicaid data breach where 2,600 children had some of their information exposed.
The Colorado Mental Health Institute at Pueblo is notifying the public and patients of a potential data breach. In a news release, the agency said that on November 1st a staff member unintentionally allowed access to a state-issued computer through a phishing scam.
Wednesday, a federal district court in Arizona denied in part and granted in part Banner Health’s motion to dismiss class action claims arising from a 2016 data breach.
The personal records of as many as 24,000 UNC Health patients could be compromised after the theft of a laptop computer at an outpatient dermatology clinic.
Recent potential healthcare data security breaches include unauthorized server access, computer theft, and a ransomware attack. December 14, 2017 – Carl Albert State College (CASC) is re-notifying certain individuals of unauthorized server access from 2016 that may create data security concerns.
Following a pair of data breaches that exposed highly sensitive student and employee information, the chief digital officer at Stanford University’s Graduate School of Business has reportedly stepped down.
The Oklahoma Department of Human Services is notifying 47,000 clients their records may have been breached — and it’s the second breach notification about the same incident because DHS neglected to alert the U.S. Department of Health and Human Services the first time.
The City of Fond du Lac water bill online payment system has been taken down until it can be rebuilt. Fond du Lac Credit Union officials reached out to the City after noticing some credit card customers were victims of fraudulent purchases.
Hackers breached the county’s servers last week and held files for ransom. The cybercriminals, believed to be from Ukraine or Iran, froze 48 of the county’s 500 servers.
Duke Energy said Tuesday that a computer data breach potentially affects those who paid bills at one of the company’s 550 authorized walk-in payment centers between 2008 and 2017. Nearly 375,000 customers in the Carolinas may be affected.
The information of 52,000 people that may have been exposed includes payment card information, bank account information, Social Security and other government identification numbers, account usernames and passwords.
The federal government will pay at least $17.5 million to settle a class action lawsuit filed after a major privacy breach involving about 583,000 student loan recipients.
A recap of the top 2017 cybersecurity stories covered in IT World Canada.
PayPal has acknowledged that TIO, the Canadian payments processing company that it acquired in July 2017, has suffered a data breach that compromised the information of up to 1.6 million users. TIO processes utility and other bill payments and has over 60,000 kiosks in North America.
A UK High Court has held a company liable for the actions of an employee who leaked employee data in an attempt to harm the employer. This is a precedent-setting case, as the company itself was not found to be at fault in its handling of the data. With the onset of GDPR next year, this ruling could signal the way the court would rule in other cases regarding data breaches.
St Canice’s Credit Union has notified the Data Protection Commissioner and the Central Bank of Ireland after a small number of members inadvertently received account information relating to other members.
Payment security firm Sisa has issued an advisory to all banks and payment processors after it discovered that hackers had managed to insert malicious software into the payment switch server of an unnamed bank.
Osaka University said Wednesday that personal data of around 80,000 students, graduates, staff, former workers and others may have been stolen by hackers.
The breach into users of the bike sharer lasted at least two weeks, affecting users around the world.
Mark Greisiger
NetDiligence®
Cyber Risk Readiness & Response