We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting cloud risk, a new IBM study on the cost of a data breach, cybercrime against public entities, big penalties from the UK’s ICO, along with the usual suspects – hackers, malware and ransomware. Don’t miss the items in ORANGE below.

A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information. …Several large hotel chains, including Holiday Inn Express and Zenique Hotels, use Aavgo’s technology in their properties. Click to read entire article.

A cloud-based provider of virtual desktop environments is trying to rebuild its network, as the company has experienced a major outage earlier this month following a ransomware attack. iNSYNQ, a cloud virtual desktop service provider, said that they made “quite a bit of progress” to restore the desktops that have been down for almost ten days already. Click to read entire article.

Plaintiffs claim firm violated the federal Wiretap Act
The plaintiffs claim Capital One and GitHub of failing to protect customers’ personal information and said that both companies need to be held responsible for their role in the data breach. They also accuse the source-code hosting website of being involved in actively encouraging “(at least) friendly hacking”. Click to read entire article.

Sprint has confirmed a data breach, telling customers that hackers broke into their accounts through a Samsung website. The number of customer accounts breached isn’t yet known… Click to read entire article.

Capital One Financial Corp., one of the nation’s largest issuers of credit cards, said among the information obtained by the hacker was 140,000 Social Security numbers and 80,000 bank account numbers. It said no credit card account numbers or log-in credentials were compromised. Click to read entire article. Related: Capital One Hit With Class-Action Lawsuit Following Massive Data Breach

The 2019 report on the costs of data breaches was sponsored by IBM Security and researched by the Ponemon Institute in Traverse City, Michigan. Ponemon reached out to 507 companies around the world that sustained data breaches between July 2018 and April 2019 and conducted 3,211 separate interviews. Click to read entire article.

The cyberattack highlights the vulnerability of government computer systems, with the city of Los Angeles subjected to billions of hacking attempts in the last five years, according to Ted Ross, general manager of the city’s Information Technology Agency. Click to read entire article.

The governor issued a statewide emergency declaration Wednesday after the security breach was discovered in several school systems throughout the state, his office said. The declaration — the state’s first cybersecurity emergency activation — allows multiple resources to be devoted to the probe. Click to read entire article.

Key Biscayne, Florida data breach is third cybersecurity incident reported by a Florida municipality in June 2019 — joining Riviera Beach & Lake City. Click to read entire article.

After six weeks of controversy and confusion, the virus-related shutdown of the Philadelphia court system’s website is over and the remaining features of electronic filing and docket searching have been restored. Click to read entire article.

A scammer posing as Wright Construction Group, the company the city is working with for the 8th Street South renovation project, filed a change of bank account request on June 24. That bank account was changed and an employee deposited $700,000 into the fake bank account on July 11. The city realized the attack had occurred on August 1 when Wright Construction Group followed up with the city for their payout. Click to read entire article.

The Maryland Department of Labor on Friday began notifying 78,000 customers about potential unauthorized activity on two of its database systems. Click to read entire article.

T-shirt seller CafePress has asked its customers to reset their passwords as part of an updated “password policy.” But the email request came after it was reported that the data of 23.2 million people had been exposed following a system hack in February. Click to read entire article.

Premera Blue Cross will pay $10 million and take new steps to keep customers’ information safe under a settlement with 30 states. Between May 2014 and March 2015 the personal data of 38,000 Minnesotans was exposed to hackers. Click to read entire article.

An employee of vendor California Reimbursement Enterprises fell victim to a phishing attack in March, which potentially breached the data of 14,500 patients, including those from Los Angeles County DHS. Click to read entire article.

Maine’s Penobscot Community Health Center reports 13,000 patients were impacted by the billing services vendor AMCA data breach, which claimed victims from Quest, LabCorp, and BioReference. Click to read entire article.

Delta Airlines sued its customer service chat provider in New York federal court Thursday, accusing it of lax digital security practices that allowed a hacker to steal the personal information of more than 800,000 people. Click to read entire article.

British Airways is facing a record fine of £183m for last year’s breach of its security systems.
The airline, owned by IAG, says it is “surprised and disappointed” by the penalty from the Information Commissioner’s Office (ICO). At the time, BA said hackers had carried out a “sophisticated, malicious criminal attack” on its website. The ICO said it was the biggest penalty it had handed out and the first to be made public under new rules. Click to read entire article.

Incident Plunges Parts of South Africa City Into Dark
Portions of the South Africa capital of Johannesburg were left in the dark for a part of Thursday, after an unknown ransomware variant knocked out the local electrical utility’s network, databases and applications… Click to read entire article.

Football Association of Ireland (FAI) confirmed that they have suffered from a security breach of their payroll systems. This security breach has been discovered last month (i.e. in June 2019). Click to read entire article.

Marriott International said on Tuesday the UK Information Commissioner’s Office (ICO) had proposed to fine the hotel chain 99.2 million pounds (US$124 million) due to a massive data breach in its Starwood hotels reservation system. Click to read entire article.

Monzo, an UK digital bank, admits to a data breach that affects more than 500,000 customers. Click to read entire article.

The National Australia Bank spent the weekend contacting customers about a data breach which exposed the personal information of 13,000 customers. The bank uploaded the personal information of some its new customers to insecure servers of two third party providers without authorisation. Click to read entire article.

A so-called “small finance” bank in India has reportedly left sensitive data on 2.6 million of its customers exposed without password protection, according to Security Discovery reports this week. Click to read entire article.

Some personal information such as first and last name, date of birth, gender, email address, and encrypted password, as well as data related to beauty preferences may have been exposed. Click to read entire article.