We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. France slaps Google with a huge fine, more than 140 airlines affected by a third-party breach, more 24 million financial documents exposed by a third-party breach, settlements in the Neiman Marcus, Sonic, and Arby’s breaches – and more! Don’t miss the items below in ORANGE.
France’s data-privacy watchdog, known as the CNIL, slapped Google with a €50 million ($56.8 million) fine on Monday (Jan. 21), claiming the US tech giant was in breach of Europe’s new General Data Protection Regulation (GDPR), which was designed to protect consumers’ rights to privacy and anonymity when it comes to the data they share with businesses. Click to read entire article.
The New York-based manufacturer of homeware, office supplies, and kitchen utensils filed a data breach advisory with the California Attorney General’s Office, and a letter drawn up for customers indicates that the data breach occurred between June 2017 and October 2018. Click to read entire article.
Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system found by Safety Detective’s Noam Rotem. Currently, the Amadeus ticket booking system is being used by 141 international airlines which gives it control over 44% of the global online reservation market, with United Airlines, Lufthansa, and Air Canada being some of its clients. Click to read entire article.
In late December, families in the San Diego Unified School District were notified of a data breach launched through successful phishing emails. The number of affected people totaled more than 500,000, according to the district. Click to read entire article.
With a ship big enough to hold millions of people, there’s bound to be a few pirates. According to a report by cybersecurity firm Check Point, a security flaw in Fortnite’s platform may have exposed the credit card data, personal information, and even voice chat audio of the game’s entire player base, which totals more than 200 million people. Click to read entire article.
2018 Breach Report Said 501 Affected, But Now Up to 700,000 Being Notified
The Alaska Department of Health and Social Services, which reported the breach, has a rocky security record. For example, back in 2012, it was fined $1.7 million as part of a HIPAA settlement for a breach reported in 2009 involving the theft of an unencrypted USB drive potentially containing Medicaid beneficiaries’ health information. Click to read entire article.
The Valley Hope Association, a drug and alcohol addiction treatment organization with 16 facilities in seven states, has notified patients about a data security breach that may have potentially exposed patient data to unauthorized access. Click to read entire article.
Officials say a security breach at a Michigan provider of HIV/AIDS care services and substance abuse treatment has compromised some patients’ personal and medical information. Sacred Heart Rehabilitation Center says a “limited number of patients” were notified about the breach linked to a phishing scheme that affected an employee’s email account last April. The organization says affected information included Social Security numbers, full names and addresses. Click to read entire article.
Around 15,000 Medicare advantage members of Blue Cross Blue Shield of Michigan might have affected by a potential data breach. The healthcare and health insurance provider stated that the theft of its employee’s laptop on October 26, 2018, may have compromised the customers’ personal information. Click to read entire article.
The U.S. Securities and Exchange Commission, which recently levied millions of dollars in fines against major corporations last year for allegedly allowing data theft by cyber attackers, has found itself similarly victimized by an international insider trading ring, according to a federal civil complaint and grand jury indictment. Click to read entire article.
A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse. … With help from TechCrunch, the leak was traced back to Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas. Click to read entire article.
Foster children’s data exposed by Franklin County Children Services error
Letters containing identifying information about Franklin County foster children, including their Social Security numbers, were mailed to the wrong foster parents and family caregivers, Franklin County Children Services said Tuesday. Click to read entire article.
Six years after the largest data breach in South Carolina history left more than 6 million personal and business tax filers’ data exposed, the state still isn’t as prepared as it should be for future cyberattacks. Click to read entire article.
RupeeRedee’s director, Jitin Bhasin released this statement after vulnerabilities in RuppeeRede’s Amazon cloud resulted in the breach of customers’ data. Data leaked include scans of customers’ Pan cards and unique ID numbers. Click to read entire article.
Texas Attorney General Ken Paxton has reached a $1.5 million settlement with Dallas-based retailer Neiman Marcus resolving a data breach investigation that started in 2014. Click to read entire article.
Less than two years after a data breach affected customers of a local fast-food chain, a settlement has been reached and some customers might be eligible for a cash payment. Click to read entire article.
Online glasses retailer Warby Parker was hit by a cybersecurity attack that affected about 198,000 of its customers from late September to late November, according to reports. Click to read entire article.
Plaintiffs have secured a $2 million settlement in a class action lawsuit over an alleged Arby’s data breach. Click to read entire article.
An associate at Dentons Canada was duped into transferring more than $2.5 million into a fraudster’s account, according to an opinion by an Ontario judge in an insurance coverage dispute. Click to read entire article.
In what could be the biggest data breach in recent times, over 772 million email addresses and 22 million unique passwords have been outed in a collection of files uploaded to cloud service MEGA. Click to read entire article.
Diversified financial services firm Cebuana Lhuillier, known nationwide [India] for its remittance services, suffered a nationwide data breach that puts at risk all the personal data of the company’s 900,000 customers. Click to read entire article.
SingHealth and Singapore’s public healthcare sector IT agency IHIS have been slapped with S$250,000 and S$750,000 financial penalties, respectively, for the July 2018 cybersecurity attack that breached the country’s personal data protection act. The fines are the highest dished out to date. Click to read entire article.