Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting the growing menace of ransomware, big breaches in retail and social media, a new study from AppRiver on the cost of data breaches for SMEs, and alleged failures of corporate executives to handle breaches responsibly. Don’t miss the items in ORANGE below.

Ransomware demanded $5.3M from Massachusetts city in July attack

The hackers behind the Ryuk ransomware that’s extorted several local governments across the United States for six-figure payments this year might have gotten a bit too hungry in July when they went after New Bedford, Massachusetts, for more than $5 million, but came away empty-handed when the city elected to restore its systems internally. Click to read entire article.

Radio giant Entercom hacked for $500,000 ransom, reports say

Entercom Communications Corp., the owner of KYW, WIP, WOGL, B101, and other Philadelphia stations, was hacked over the weekend, freezing its emails and causing computer systems to crash, according to published reports and sources. Click to read entire article.

Wolcott Public Schools go offline once again following a possible second ransomware attack

Wolcott police are investigating a cyber attack that has left teachers and students without access to the district’s computer systems, including internet and email, for the second time this year. Click to read entire article.

Police investigate attempted Sherman School data breach

State Police are investigating the discovery of ransomware on Sherman School computer servers last month. “We discovered that our system was infected with a virus that affected our ability to access our files,” Melendez said. “We immediately began to investigate with the assistance of a third-party forensic investigator to determine the nature and scope of the incident, and to assist with the remediation.” Click to read entire article.

DoorDash suffered a data breach that affected 4.9 million people

DoorDash confirmed it suffered a data breach affecting roughly 4.9 million delivery people and merchants. …DoorDash said it noticed unusual activity from a third-party service provider earlier in September.Click to read entire article.

New York AG Sues Dunkin’ for ‘Glazing’ Over Cyberattacks Targeting Thousands of Customers

AG Letitia James alleges that in one instance hackers accessed more than 300,000 customer accounts in 2018, but the company failed to properly disclose they were accessed without authorization. Click to read entire article.

City of Robstown still working to recover evidence lost in ransomware attack

The City of Robstown is still working to recover important evidence lost in a data breach including a number of police photographs and videos from cases dating back from 2018 through this year. Click to read entire article.

114,000 customers alerted by Wisconsin Diagnostic Laboratories about data breach

Wisconsin Diagnostic Laboratories becomes another victim to notify their patients about the data breach caused as a result of the AMCA (American Medical Collection Agency) incident. The other victims of the AMCA breach included Quest Diagnostics, Clinical Pathology Laboratories, LabCorp, American Esoteric Laboratories, as well as others, totaling 23 affected covered entities and almost 25 million patient records. Click to read entire article.

Providence Health Plan notifying 122K members of 3rd-party data breach

Providence Health Plan is notifying about 122,000 members that their personal information may have been exposed in a security breach at the program’s dental plan administrator, Virginia-based Dominion National. Click to read entire article.

Toyota Subsidiary Loses $37 Million Due to BEC Scam

A European subsidiary of the company, Toyota Boshoku Corporation, was targeted by hackers as part of a business email compromise (BEC) scam. Total financial losses from the BEC scam are reportedly close to $37 million. …”It’s reasonable to assume that Toyota’s global infrastructure has been compromised to some extent. There is a multiplier effect at work with successful hacks – each one opens up numerous new opportunities to steal money, IP, data or identities.” Click to read entire article.

Data Breach Leaks 198M Car Buyers’ Personal Data

The unsecured database held 198 million records, including names, email addresses, phone numbers, street addresses and “other sensitive or identifiable information exposed to the public internet in plain text…” Click to read entire article.

British Airways data hack victims ‘could get up to £16,000 compensation’ as airline launches its own class action lawsuit

HALF A MILLION British Airways data hack victims could be in line for pay-outs as the airline launches its own class action lawsuit. Click to read entire article.

Delta Airlines Sues Vendor for Data Breach

According to the Complaint, on March 28, 2018, Delta was notified by [24] that a security incident had potentially compromised personally identifying information and payment card data of up to 825,000 of Delta’s customers. Click to read entire article.

Facebook accidentally leaks phone numbers of 419 million users

The phone numbers of hundreds of millions of Facebook users have been discovered online in the latest major data breach for the social network. A security researcher found 419 million records on an unsecured server, meaning no password was needed to access them. Click to read entire article.

How Much Responsibility Should Take for Third Party Data Breach?

Leading employment search site appears to have been the source of thousands of exposed resumes discovered in a third party data breach last week. While the breach did not contain financial information, the United States-based company has been adamant that it does not have any responsibility to notify end users when a business partner is breached – an attitude that is at odds with privacy regulations in much of the rest of the world, and may have run afoul of some state laws.Click to read entire article.

FedEx Brass Downplayed Cyberattack, Shed Stock, Suit Says

A shareholder derivative suit filed Wednesday in Delaware federal court claims that FedEx Corp. misled investors by downplaying the impact of the massive 2017 cyberattack known as “NotPetya” on its European subsidiary while executives shed company stock. Click to read entire article.

WoW Classic Down AGAIN: Blizzard server status offline following new DDoS attack

Whether it’s another DDoS attack isn’t clear, but fans are beginning to get frustrated and demanding refunds from Blizzard themselves. Click to read entire article.

SMBs Severely Underestimate Data Breach Costs

$149,000: the average cost of a data breach for a small-to-medium-sized business, according to AppRiver. Click to read entire article.

N.W.T. faces lawsuit over health data breach that could affect all residents

The Northwest Territories is facing a lawsuit over a stolen laptop containing medical files that could include information on every resident in the territory. The files were not encrypted and contained data on all kinds of physical and mental-health services to anyone who sought care in the territory, including visitors. Click to read entire article.

Lawsuit Alleges Publisher Breach Affected 1M Students

Pearson, a British-owned education publishing company, is at the center of a lawsuit filed by an Illinois woman and her daughter over the handling of a data breach involving student personal information. Click to read entire article.

Woodstock city, police victims of ransomware-like cyber attack

The City of Woodstock and the Woodstock Police Service are both suffering from cyber attacks. Woodstock’s top administrator, David Creery, confirmed the city had a network breach early Saturday morning around 4 a.m. when a virus entered its computer system preventing access to city email and data networks. Click to read entire article.

DDoS attacks can wipe South African ISPs off the Internet

Fibre Internet service provider Cool Ideas has been beleaguered by distributed denial of service attacks (DDoS) over the past few weeks. This has severely degraded performance on its network, even causing an hours-long outage. Click to read entire article.

Losing over Rs 5000: Indian Company’s Data is Hacked or Stolen

…India ranks 15 in the world with respect to the total cost of data breaches. Around 51% of them are due to the malicious attacks, within which 27% are due to glitches in the system and 22% are due to human error. Click to read entire article.

Vol. 213 – October 3, 2019

Download 2021 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.


© 2021 NetDiligence All Rights Reserved.