We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: class actions against social media giants, big breaches in healthcare, the ABA publishes formal opinion regarding lawyers’ obligations before and after a data breach, Gemalto publishes global breach stats for first half of 2018, increased liability for UK employers, and more. Also, don’t miss the items below in ORANGE.

The Seattle Times reported worker names, Social Security numbers, dates of birth, checking account and routing numbers, salaries and additional information is included in the breach notification, which is being sent by email or being personally delivered by the retailer’s managers. Click to read entire article.

The Employee Retirement System (ERS) of Texas reported to OCR on Oct. 15 that information on potentially 1.25 million people may have been exposed in a health data breach. Click to read entire article.

On October 25, Fortune 1000 company CNO Financial Group, Inc. submitted a report to the Office for Civil Rights’ Breach Portal at the U.S. Department of Health and Human services. The report revealed that the personally identifiable information of 566,127 people was accessed by an unauthorized party through a subsidiary of CNO, Bankers Life. Click to read entire article.

Health First officials told FLORIDA TODAY on Monday the data breached was fairly low-level, though it could have included some customers’ Social Security numbers. Mostly it appears to have involved information such as addresses and birth dates. Click to read entire article.

“Regrettably, we’ve learned that Jobscience, Inc., the vendor which we’ve used for online employment application services since 2006, had a data breach which may have involved information from individuals who applied for jobs at Huntsville Hospital. Because of this, notification letters are being sent to the affected persons. Click to read entire article.

London-headquartered HSBC has confirmed that online bank accounts of its customers in the US were illegally accessed about a month ago, with possibly compromised data including account numbers and transaction history. Click to read entire article.

Two people from Colorado have joined a federal class action lawsuit against Facebook over its September security breach, according to a news release from Franklin D. Azar & Associates. Azar filed the lawsuit on Oct. 11 and is asking Facebook for damages and to provide credit monitoring services to the 30 million people impacted. Click to read entire article.

According to a suit filed in Illinois’ Cook County Superior Court, Eventbrite “failed to prevent, detect, or otherwise act in a reasonable manner or within a reasonable time.” As a result, customers’ confidential information was placed at risk. Click to read entire article.

Google is shutting down its consumer version of Google Plus, its social network that some saw as its answer to Facebook. This comes after a flaw was discovered that might have exposed personal information of hundreds of thousands of customers. According to The Wall Street Journal, that flaw was discovered in March, but the company decided not to disclose it. Click to read entire article.

Otsego County and Cyber Incident Response Team officials identified a remote server in a county employee’s home as the source of the breach and believe cryptominers are behind the attack. Click to read entire article.

The City of St. Petersburg announced a data breach on Tuesday that involved customers’ credit card information. According to city officials, the City of St. Petersburg utilizes a third-party software product called Click2Gov to provide customers with the ability to pay utility bills, parking tickets, business licenses, building permits, and civil citations online via the Internet. Click to read entire article.

British Airways has revealed that the data breach that hit the company earlier this year may have affected far more customers than initially thought after discovering an additional issue. The airline has said that a further 185,000 customers may have had personal details such as payment card numbers stolen in the attack earlier this year. Click to read entire article.

…Because of this growing and serious threat to the legal profession, the ABA published Formal Opinion 483 to direct attorneys and law firms on how they should handle data breaches before, during, and after an event. In short, lawyers are not expected to be as bulletproof as Superman, but they must take proactive steps to protect sensitive client data and they must disclose material data breaches. Click to read entire article.

Gemalto has released the latest findings of the Breach Level Index, a global database of public data breaches, revealing 944 data breaches led to 3.2 billion data records being compromised worldwide in the first half of 2018. Click to read entire article.

The Federation of Sovereign Indigenous Nations recently paid more than $20,000 to an anonymous hacker who breached its computer system, CBC News has learned. The revelation surfaces as hundreds of delegates gather in Saskatoon on Wednesday and Thursday to elect a new FSIN chief and two vice-chiefs. Click to read entire article.

In a privacy update on its site, the Ontario Cannabis Store said the breach affected about 2 percent of its customer orders, or 4,500 customers. Canada Post said customers’ information was accessed by someone using its delivery tracking tool. Click to read entire article.

Burgerville announced… that its network had been hit by a cybersecurity breach that may have resulted in customers’ credit and debit card information being compromised, including names, card numbers, expiration dates and three-digit CVV numbers. Click to read entire article.

Threat actors managed to access the information of 64,000 Tomorrowland festival-goers who attended the 2014 event in Boom, Antwerp, Belgium. Click to read entire article.

The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer. This decision is significant as it means a company can be held liable to compensate affected data subjects for loss caused by a data breach, even where the company has committed no wrongdoing and regardless of the employee’s motive. Click to read entire article.

The data breach has affected 9.4 million customers and caused a war of words between the former and current privacy commissioner. Click to read entire article.