We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting a mysterious hacker group that’s targeting software supply chains, more monster breaches, new class actions, multimillion-dollar settlements, third-party breaches, and more!
Over the past three years, supply chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers.
Known hacktivists Noam Rotem and Ran Locar discovered an unprotected database impacting up to 65% of US households. Hosted by a Microsoft cloud server, the 24 GB database includes the number of people living in each household with their full names, their marital status, income bracket, age, and more.
The Oregon Construction Contractors Board said Friday it has discovered a security breach involving 8,013 online contractor accounts. Unauthorized individuals gained access to some contractors’ usernames and related password information.
A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers.
So Far 50 Customers’ Cards Compromised; Number Could Rise.
After a news report on The Consortium this morning revealed what FirstBank has described as an external security breach that prompted the bank to cancel debit cards of affected account holders, the bank’s marketing and communications manager in the Virgin Islands, Alana Alexander, shared more details about the breach, including the number of customers affected, and the nature of the breach.
A misconfigured FTP breached the data of about 307,000 Touchstone Medical patients; the subsequent OCR investigation found issues with business associate agreements, timely notification, and risk assessments, among others.
A class action suit has been filed against Baystate Health after the data of 12,000 patients was left vulnerable following a February phishing attack.
University of California, San Diego officials stonewalled attempts to notify women in an HIV research study that their confidential data was breached more than seven months ago, an inewsource investigation has found.
Eddie Bauer agreed to a settlement with Iowa-based Veridian Credit Union over a class action lawsuit related to a 2016 data breach, according to documents filed in the U.S. District Court for the Western District of Washington.
Georgia Tech is working to repair the damage created by a cybersecurity breach that may have exposed personal information for up to 1.3 million current and prospective students, faculty, staff and more.
The University of Alaska is notifying potentially affected students and individuals after an investigation into a data privacy incident involving potential unauthorized access to certain UA email accounts.
The FTC settled an enforcement action against Unixiz, Inc., operator of the website i-DressUp.com, over several aspects of the site that failed to comply with the Children’s Online Privacy Protection Act (COPPA). i-DressUp has agreed to pay a $35,000 fine to settle the dispute.
The massive data hack of guest information from the Marriott hotel empire has triggered a $100-million class action lawsuit in Calgary.
Freedom Mobile confirmed Tuesday it had a data security breach from late March to late April, but the wireless carrier said only about 15,000 customers were affected — far fewer than an outside research firm’s estimate.
You may not have heard of Citycomp, an IT infrastructure provider based in Germany, but you will have heard of its customers. Spread across 75 countries, these include Airbus, Porsche, Toshiba and Volkswagen. So when Citycomp published a statement that it had “successfully fended off a hacker attack,” you might think that was good news. Unfortunately for its customers, not so much it turns out.
The Ulster Bank head has said it is ‘unacceptable’ that some of its former customers’ personal details were compromised after the bank sold on the loans.
Embattled ASX-listed property valuation firm and hacking target LandMark White has put the cost of the customer data theft perpetrated against it at around $7 million, based on the loss of work it suffered after being suspended from bank supplier panels.
Fast Retailing, the company behind multiple Japanese retail brands, announced that the UNIQLO Japan and GU Japan online stores have been hacked and third parties accessed 461,091 customer accounts following a credential stuffing attack.
The latest quarterly data breach report from the Office of the Australian Information Commissioner (OAIC) has revealed over 10 million individuals had their information compromised in one single incident. The current population of Australia is around 25.4 million.