We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: final settlement in the Anthem breach, more class actions, phishing, a coordinated international cyber heist using ATMs, business interruption, and more.
Join us at NetDiligence® Cyber Risk Summit London—Tuesday, 6 November, 2018—to connect with experts in cyber risk and privacy liability and learn about the most relevant cyber threats facing Europe today. Early Bird pricing is available.
Facebook Inc. said it discovered a security breach earlier this week that affected almost 50 million accounts, the latest in a series of missteps that are undermining confidence in the company’s social network and business model.
Ride hailing service Uber agreed to pay a $148 million penalty over a massive 2016 data breach which the company concealed for a year, the company and state officials announced Wednesday. The agreement stems from a breach affecting some 57 million Uber riders and drivers disclosed by the California company, prompting litigation that was eventually joined by officials from the 50 US states and the District of Columbia.
A report has now surfaced online that claims FreshMenu had a massive data breach back in 2016; a breach that exposed personal data of over 110,000 customers including their names, email addresses, phone numbers, home addresses, device information, and order histories.
Restaurant chain faces class-action lawsuit in Illinois for breaking BIPA state law. The complaint is centered around Wendy’s practice of using biometric clocks that scan employees’ fingerprints when they arrive at work, when they leave, and when they use the Point-Of-Sale and cash register systems.
A consumer says Adidas exposed the private information of millions in a June data breach that allegedly occurred because of the shoe company’s security flaws.
The company revealed today (Sept. 19) that its online-checkout pages had been infected by data-skimming malware from Aug. 14 until yesterday. The thieves behind it seem to be the same who hit British Airways earlier this month and the U.K. branch of Ticketmaster in July.
Philadelphia-based Independence Blue Cross (IBC) announced Sept. 17 that PHI was uploaded by an employee to a website that was publicly accessible between April 23 and July 20, 2018. KYW news radio reported that around 17,000 IBC customers were affected.
UMass Memorial healthcare entities have agreed to pay $230,000 to the state of Massachusetts to resolve claims that two separate healthcare data breaches exposed PHI of more than 15,000 state residents.
The resignation comes after a data breach that affected up to 250,000 people was announced by Adams County on Aug. 10. The Adams County Board had been investigating Clerk Cindy Phillippi’s role in the data breach, according to county documents.
A recent string of Distributed Denial of Service (DDoS) attacks among online poker sites has claimed another victim, with 888 Poker confirming its status as the latest poker room to fall prey to the service disruptions that severely hamper operations and frustrate players.
The Osaka-based cryptocurrency exchange discovered the hack two days ago, and is working to secure funds to reimburse affected users.
The state of New Mexico filed a lawsuit against Google, Twitter, and several other companies that create mobile gaming apps targeted at kids. The state is now saying that many of these apps illegally collect data on children that could put their safety and privacy at risk.
“Class actions are here to stay for data breaches,” says attorney Jonathan Armstrong, who’s a partner at London-based Cordery. “They’re more likely to succeed here than in the U.S., albeit with the caveat that their numbers will be smaller,” he says in an interview with Information Security Media Group.
Over half of SMBs have now had a taste of how disastrous the consequences of a data breach can be. According to Cisco’s SMB Cybersecurity Report, released on Wednesday, 53 percent of midmarket companies have experienced a data breach.
British Airways faces the threat of legal action over the unprecedented data breach that saw 380,000 passengers’ bank details stolen. The airline is already facing a fine of up to £500 million from the Information Commissioner’s Office for the breach.
Tesco’s banking arm is now facing a record fine from the UK’s financial regulator over the 2016 cyber security breach, with the Financial Conduct Authority (FCA) said to be considering a fine of up to £30m. … The relatively small number of customers affected adds shock value to the size of the proposed fine, which was first disclosed by Sky News.
On August 22, 2018, SHEIN became aware that certain personally identifiable information of its customers was stolen during a concerted criminal cyberattack on its computer network. It is our understanding that the breach began in June 2018 and continued through early August 2018 and involves approximately 6.42 million customers.
Some financial institutions are taking an average time of 1,726 days – or more than 4.5 years – to identify significant breaches, according to a new report by corporate regulator ASIC.
On Sept. 8, Australian broadcaster ABC reported a data breach affecting 13 people who used Perth Mint’s Depository Online, a web-based platform for purchasing precious metals. The leaked data included names, addresses, passport numbers and bank account details. Perth Mint, however, has upped the number of customers affected to 3,200, saying that the data exposed includes “customers’ address, bank details or identification details.” The revised figure represents slightly over 3 percent of Perth Mint’s 100,000 global customers.
More than 30 privacy breaches from Australia’s big four banks were reported to the Office of the Australian Information Commissioner between January 2012 and April 2018. One such breach involved a Westpac manager, who no longer works at the bank, handing over the banking passwords of 80 customers to a mortgage broker.
Mark Greisiger
NetDiligence®
Cyber Risk Readiness & Response