We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: final settlement in the Anthem breach, more class actions, phishing, a coordinated international cyber heist using ATMs, business interruption, and more. Also, don’t miss the items below in ORANGE.
The Adams County government said in an August 10 release that the breach involved PII, PHI, and tax information from the county’s Veteran Service Office, Extension Office, Adams County Employees, Solid Waste, Health and Human Services (HHS), Child Support, and Sheriff’s Office. Click to read entire article.
A Tennessee city has published confidential information including Social Security numbers in some publicly available court records. Click to read entire article.
US District Judge Lucy Koh has given final approval to a $115 million settlement that ends further claims against Anthem over its 2015 data breach that exposed personal information on 79 million people. Click to read entire article.
Recent healthcare data breaches include a St. Mary’s Hospital paper records data breach affecting more than 300,000, a lost laptop containing hospice patient information, an email breach, and a vendor’s refund check mistake. Click to read entire article.
Reportedly, the Augusta University Health suffered data breach due to multiple phishing attacks over the year. Regretfully, the breach has exposed around 417,000 records. Click to read entire article.
In a statement on its website, InterAct explained that it became aware on June 8 that an unauthorized third party accessed a company email account. The mental health and substance abuse treatment provider determined on July 30 that the email account contained clients’ names and Social Security numbers, and in some cases dates of birth, treatment history, and prescription data. Click to read entire article.
A class-action lawsuit against UnityPoint Health over a data breach reported this spring was amended Monday to cover a second breach revealed last month. Four patients are named in the updated lawsuit. They are among 1.4 million people, including 76,000 in Wisconsin, who were notified July 30 that their names, addresses and medical information — and, for some, driver’s license, Social Security and payment card or bank account numbers — may have been compromised. Click to read entire article.
Credit card issuer TCM Bank, which works with some 750 small and community U.S. financial institutions, including credit unions, exposed the personal information of thousands of individuals who applied for accounts. Click to read entire article.
A Florida customer of cloud-based human resources and tax preparation company ComplyRight Inc. filed a proposed class suit Wednesday in federal court, saying the company failed to adequately maintain its security systems to prevent a breach this year that compromised the information of thousands of customers. Click to read entire article.
On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from cash machines in more than two dozen countries. Click to read entire article.
In the wake of a massive data breach involving chat software on Delta Air Lines’ website, potential class-action lawsuits point a finger at the airline for putting its customers’ information at risk. Click to read entire article.
The Eastern Maine Community College suffered a malware attack targeting several computers. As a result, around 42,000 records of former students and employees were exposed in the EMCC data breach. Click to read entire article.
The data breach was discovered a decade too late to do anything about it. …According to the university, 119,000 individuals were affected. Click to read entire article.
Last week, PokerStars issued a tweet that stated they had suffered site outages and had canceled tournaments due to the “series of DDoS attacks” that had targeted their offerings. Click to read entire article.
Reddit has suffered a ‘security incident’ in the form of a sophisticated hack that has exposed the personal data of some users. …Cyber crooks managed to swipe user data that included usernames, email addresses and hashed passwords.Click to read entire article.
Taiwan-based chip manufacturer TSMC warned that the infection, which was eventually contained, will delay shipments of its products and could wipe as much as $171 million off its revenue. Click to read entire article.
Compromise of an employee’s credentials, lack of multi-factor authentication, and weak insider threat analysis all played a factor in the recent TimeHop data breach in which 21 million user accounts were compromised. Click to read entire article.
Brazilian public prosecutors have filed a civil public action against the country’s first digital-only bank over a breach affecting nearly 25,000 consumers. Click to read entire article.
Technology retail giant Dixons Carphone has admitted that the massive customer data breach that occurred last year involved far more people than was originally thought. Click to read entire article.
The NHS was involved in a data breach that saw nearly 10,000 documents either stolen or missing from 68 hospitals last year. The breach, chronicled in a new research report by leading think tank Parliament Street, comprises 9,132 cases of stolen or missing documents. Click to read entire article.
Reportedly, Butlin’s suffered a data breach this week through a phishing attack. Butlin’s is a UK-based chain of holiday camps providing affordable holiday solutions. Click to read entire article.
Engineering group RCR Tomlinson took three months to notify the Office of the Australian Information Commissioner that employees’ personal data, including bank account numbers and credit cards, had been accessed in an internet scam despite new laws requiring companies to inform the regulator in “a timely manner.” Click to read entire article.
The Bank of Thailand (BOT) has confirmed that hackers have stolen information of more than 120,000 customers in a massive data breach into two major commercial banks. Click to read entire article.
Cyber Risk Readiness & Response