We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Exposures include business interruption (first-party exposure) and legal liability (lawsuits), as well as crisis costs to investigate the breach, notify the victims, and defend against class action lawsuits, regulatory actions and fines. Also, don’t miss the items below in ORANGE.
Corporate Risk & Insurance is a Media Sponsor for the NetDiligence® Cyber Risk Summit in Philadelphia, June 12-14. Check out Captives: Underdogs in cyber security, a recent article featuring Mark Greisiger of NetDiligence. You may also want to sign up for their weekly newsletter, which provides risk management professionals the latest in risk trends through peer profiles, perspectives from industry insiders, data, webinars and white papers.
Facebook Inc. said that data on as many as 87 million people, most of them in the U.S., may have been improperly shared with research firm Cambridge Analytica. Click to read entire article.
Related: Cook County Files Lawsuit Against Facebook, Cambridge Analytica For Misuse of User Data
Popular online booking website, Orbitz, has announced that its legacy site, Amextravel.com, was compromised due to a data breach. The period of exposure runs from January 1, 2016 through December 22, 2017. The company is reporting that up to 880,000 payment cards could’ve been exposed during the breach. Along with credit or debit card information being stolen, personal information such as the customer’s full name, date of birth, phone number, email address, physical and/or billing address and gender could also be among the information obtained by the hackers. Click to read entire article.
It seems that no company that has a public website is immune to hackers and data thieves anymore. Delta Air Lines just found that out the hard way when it announced that [24]7.ai – a company that provides online chat services for a variety of companies including Delta – was involved in a “cyber incident.” This cyber incident allowed Delta customer payment information to be accessed during the period from September 26, 2017 to October 12, 2017. Click to read entire article.
Sports apparel merchant Under Armour has become the latest victim of a massive digital theft of sensitive information about tens of millions of customers. The Baltimore company disclosed Thursday that an intruder grabbed the email addresses and login information during a February break-in affecting about 150 million users of its food and nutrition website, MyFitnessPal. Click to read entire article.
The restaurant chain’s web site exposed millions of customer records – including names, email and home addresses, birthdays and the last four digits of customer credit card numbers – for at least eight months, according to Brian Krebs in his blog KrebsOnSecurity. The data contained records for online customers of the St. Louis-based company, which has more than 2,100 North American locations. Click to read entire article.
Experts say an employee phishing scam is likely to blame for the data breach affecting millions of Saks Fifth Avenue and Lord & Taylor payment cards. Hudson’s Bay disclosed the breach on Sunday and said an estimated 5 million cards were compromised. The Canadian company noted it has commenced an investigation. Click to read entire article.
Much of Atlanta city government has been forced to rely on pen and paper this week thanks to a ransomware attack. Click to read entire article.
The Marion County Sheriff’s Department has sent letters to an undisclosed number of those booked into the Marion County Jail telling them of a security breach that has allowed some of their personal information to be compromised. Click to read entire article.
An unknown individual or group of persons hacked the 911 dispatch computers of Baltimore during the past Saturday and Sunday, causing automated dispatching to be temporarily shut down. Click to read entire article.
American plane manufacturer Boeing announced that it “detected a limited intrusion of malware” that infiltrated “a small number of systems,” according to a statement released by a company official. The Seattle Times reports that Boeing fell victim to the WannaCry virus, which held computers hostage earlier this year in the largest cyberextortion scheme ever, CNET reports. Click to read entire article.
The City of Corpus Christi wants everyone to monitor their bank accounts after a breach that may have affected some residents. Click to read entire article.
In addition to paying the state $417,816, Virtua will move internally to enhance its data security practices, according to a statement.
Virtua Medical Group, one of southern New Jersey’s largest health care providers, will pay more than $400,000 in fines and penalties in order to settle claims that it failed to properly protect the privacy of patients whose medical records were made available online. Click to read entire article.
In a statement on their website, Middletown Medical administrators claim that a software security setting may have allowed unauthorized users access to patients’ names, dates of birth and treatment information back in January. Click to read entire article.
An Albany, N.Y. hospital suffered a data breach affecting about 135,000 patients when an unauthorized party gained access to its servers. Click to read entire article.
South Dakota Governor Dennis Daugaard signed the state’s first data breach notification law in March 2018, which will go into effect on July 1, 2018. Click to read entire article.
Oregon is the latest state to enact a consumer protection law that would require residents to be notified within a specific time if their data has been breached. Click to read entire article.
Alabama is now the 50th state to have a data breach notification law, accounting for medical information. Click to read entire article.
Software left women who signed up for it vulnerable to having personal information, such as their names, home addresses and drivers’ licences, exposed. Click to read entire article.
A large number of emails and some 3.3 million passwords of Dutch people can be found easily online through a special search engine, newspaper AD discovered on Friday. The emails and passwords of employees of many large Dutch organizations, companies and government institutions are found on this search engine, including organizations that fulfill a vital function, the newspaper writes. Click to read entire article.
Thousands of Tesco Bank customers have had their details exposed after a data leak instigated by its travel money partner Travelex, Mirror Money has learned. Click to read entire article.
A number of former employees of Independent News & Media whose personal data was allegedly compromised by a third-party security firm are considering taking legal action. Click to read entire article.
Mark Greisiger
NetDiligence®
Cyber Risk Readiness & Response