We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Exposures include business interruption (first-party exposure) and legal liability (lawsuits), as well as crisis costs to investigate the breach, notify the victims, and defend against class action lawsuits, regulatory actions and fines. Also, don’t miss the items below in ORANGE.
The first event, Intro to Cyber, is designed for students, interns and summer associates who are interested in a career in cyber as an insurance, legal, or technical security professional. Free to attend – space is limited. Learn more.
The second event, Women in Cyber, is a luncheon featuring a candid panel discussion by experts with a wide range of backgrounds and professional experience from the cyber insurance, legal, and security sectors. Hosted by NetDiligence and sponsored by Kroll and Saul Ewing, there is a nominal charge to attend this event. Learn more.
If you have eaten at Chili’s restaurants within the past two months, then you might want to check your credit report and card statements. Chili’s parent company, Brinker International, announced over the weekend that customers’ payment information may have been exposed in a malware attack. Click to read entire article.
A vendor providing online support services to websites at Sears.com and Kmart.com informed the company that the vendor had experienced a security incident that may have affected the names, addresses, and payment card information for customers who placed or attempted to place orders on the Sears.com or Kmart.com websites. Click to read entire article.
The personal data of about 15,000 members of a credit union has been stolen in a cyber attack. Sheffield Credit Union (SCU) said information including names, addresses, national insurance numbers and bank details had been accessed. Click to read entire article.
According to Verizon’s 2018 Data Breach Investigations Report, 39 percent of malware-related data breaches involve malware, while Trojan botnets and denial of service (DoS) attacks are most common for the financial industry. Click to read entire article.
A student loan services company recently notified 16,500 borrowers that files containing personal data were released to a business that wasn’t authorized to receive them. Click to read entire article.
OCR is proposing to share a percentage of HIPAA data breach settlements with victims, as required by the HITECH law. …Christian said that OCR’s decisions on compensation for individuals or groups could provide an incentive for people to bring lawsuits because OCR decided that they should be compensated. Individuals could also file a lawsuit for other reasons, such as feeling like they weren’t compensated enough. Click to read entire article.
The victims of a phishing attack targeting UnityPoint Health, which operates medical centers in Illinois, Iowa and Wisconsin, filed a class action lawsuit against the firm claiming victims were falsely told their social security numbers hadn’t been compromised, according to a federal class action lawsuit. Click to read entire article.
About 3,750 patients of Las Vegas-area dental groups may have been compromised by a data breach. Click to read entire article.
Nuance Communications, which specializes in speech recognition software, says an unauthorized third party accessed one of its medical transcription platforms, exposing 45,000 individuals’ records. Click to read entire article.
…The clinic has about 270 providers handling around 485,000 patient visits annually through 59 clinics serving northwest Oregon and southwest Washington. Click to read entire article.
800,000 players could be targets
Danny Jenkins, CEO and cybersecurity chief with Orlando-based Threatlocker, told News 6 the users of the popular Epic Games video game are starting to see the consequences of that data breach. Click to read entire article.
What are described as the ‘intimate’ details of some three million Facebook users were apparently accessible on a research website for four years. Click to read entire article.
Yahoo investors claiming they lost millions after a series of massive data breaches will get $80 million under a settlement approved by a federal judge late Wednesday. In early 2017, a class of investors led by Mark Madrack sued Yahoo following its admission on Dec. 14, 2016, that Russian hackers had stolen information from more than 500 million users in 2014. The next day, Yahoo’s stock price fell by $2.50. Click to read entire article.
A possible data breach has left some 30,000 Goodyear utility customers vulnerable. The City says it learned Monday about an apparent issue with its bill pay systems when a customer informed city officials of fraudulent activity on their bank account. Click to read entire article.
An attempt by an unknown source to plant malicious software (aka malware) on the Federal Motor Carrier Safety Administration’s database of agency-approved medical examiners is the root cause of the lingering outage of FMCSA’s National Registry of Certified Medical Examiners (NRCME), the agency has told CCJ. Click to read entire article.
Major U.S. cities like Atlanta and Baltimore have been crippled by cyber attacks in the last few weeks, forcing police departments to resort to pen and paper instead of computers. Hackers demanded $51,000 in Bitcoin from the city of Atlanta, but the city refused to pay. Atlanta did pay $2.6 million in recovery costs. Click to read entire article.
News 4 has learned that information on dozens of Erie County Social Services clients was possibly breached in 2017. Click to read entire article.
Global University (“Global”) is providing notice to current and former students of a recent event involving the potential exposure of certain personal information. To date, Global has not received any reports that the information has been misused. Click to read entire article.
…However, powerful as blockchains may be, they are not immune to attack. Any technology has weak points and attack vectors, and the blockchain is no exception. Click to read entire article.
The CBC is warning more than 20,000 of its past, present and contract employees that their personal and financial information may be at risk after a break-in and the theft of computer equipment. Click to read entire article.
Samples of the leaked information suggest it was at one point in the hands of a company linked to an organizer who helped would-be PC candidates recruit members. Click to read entire article.
British boiler-maker Worcester Bosch has suffered a data breach that has inadvertently revealed the home addresses of “tens of thousands” of customers. Click to read entire article.
Americans who booked European train tickets through Rail Europe North America (RENA) may be victims of a near-three month data breach of their e-commerce system. Click to read entire article.
Brighton Council has rejected Uber’s request to renew its licence to operate in the city, citing concerns around the ride-hailing company’s handling of a recent data breach which affected some 57 million accounts. Click to read entire article.
A total of 57 data breach notifications have been received by the National Privacy Commission (NPC) since January this year, but not all have progressed into an actual investigation by the data privacy body. Click to read entire article.
People looking for information about abortions and contraception could have had their personal information stolen, after a major data breach at Family Planning NSW (FPNSW). Click to read entire article.
The Australian government has labelled a data breach which saw the nation’s biggest bank lose details of 20 million accounts as “very disappointing.” Click to read entire article.
A data breach at the Employees’ Provident Fund Organisation (EPFO), a retirement fund for salaried workers, may have exposed the personal information of millions of Indians. Click to read entire article.
Mark Greisiger
NetDiligence®
Cyber Risk Readiness & Response