We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting the growing menace of ransomware, big breaches in retail and social media, a new study from AppRiver on the cost of data breaches for SMEs, and alleged failures of corporate executives to handle breaches responsibly. Don’t miss the items in ORANGE below.

The hackers behind the Ryuk ransomware that’s extorted several local governments across the United States for six-figure payments this year might have gotten a bit too hungry in July when they went after New Bedford, Massachusetts, for more than $5 million, but came away empty-handed when the city elected to restore its systems internally. Click to read entire article.

Entercom Communications Corp., the owner of KYW, WIP, WOGL, B101, and other Philadelphia stations, was hacked over the weekend, freezing its emails and causing computer systems to crash, according to published reports and sources. Click to read entire article.

Wolcott police are investigating a cyber attack that has left teachers and students without access to the district’s computer systems, including internet and email, for the second time this year. Click to read entire article.

State Police are investigating the discovery of ransomware on Sherman School computer servers last month. “We discovered that our system was infected with a virus that affected our ability to access our files,” Melendez said. “We immediately began to investigate with the assistance of a third-party forensic investigator to determine the nature and scope of the incident, and to assist with the remediation.” Click to read entire article.

DoorDash confirmed it suffered a data breach affecting roughly 4.9 million delivery people and merchants. …DoorDash said it noticed unusual activity from a third-party service provider earlier in September.Click to read entire article.

AG Letitia James alleges that in one instance hackers accessed more than 300,000 customer accounts in 2018, but the company failed to properly disclose they were accessed without authorization. Click to read entire article.

The City of Robstown is still working to recover important evidence lost in a data breach including a number of police photographs and videos from cases dating back from 2018 through this year. Click to read entire article.

Wisconsin Diagnostic Laboratories becomes another victim to notify their patients about the data breach caused as a result of the AMCA (American Medical Collection Agency) incident. The other victims of the AMCA breach included Quest Diagnostics, Clinical Pathology Laboratories, LabCorp, American Esoteric Laboratories, as well as others, totaling 23 affected covered entities and almost 25 million patient records. Click to read entire article.

Providence Health Plan is notifying about 122,000 members that their personal information may have been exposed in a security breach at the program’s dental plan administrator, Virginia-based Dominion National. Click to read entire article.

A European subsidiary of the company, Toyota Boshoku Corporation, was targeted by hackers as part of a business email compromise (BEC) scam. Total financial losses from the BEC scam are reportedly close to $37 million. …”It’s reasonable to assume that Toyota’s global infrastructure has been compromised to some extent. There is a multiplier effect at work with successful hacks – each one opens up numerous new opportunities to steal money, IP, data or identities.” Click to read entire article.

The unsecured database held 198 million records, including names, email addresses, phone numbers, street addresses and “other sensitive or identifiable information exposed to the public internet in plain text…” Click to read entire article.

HALF A MILLION British Airways data hack victims could be in line for pay-outs as the airline launches its own class action lawsuit. Click to read entire article.

According to the Complaint, on March 28, 2018, Delta was notified by [24]7.ai that a security incident had potentially compromised personally identifying information and payment card data of up to 825,000 of Delta’s customers. Click to read entire article.

The phone numbers of hundreds of millions of Facebook users have been discovered online in the latest major data breach for the social network. A security researcher found 419 million records on an unsecured server, meaning no password was needed to access them. Click to read entire article.

Leading employment search site Monster.com appears to have been the source of thousands of exposed resumes discovered in a third party data breach last week. While the breach did not contain financial information, the United States-based company has been adamant that it does not have any responsibility to notify end users when a business partner is breached – an attitude that is at odds with privacy regulations in much of the rest of the world, and may have run Monster.com afoul of some state laws.Click to read entire article.

A shareholder derivative suit filed Wednesday in Delaware federal court claims that FedEx Corp. misled investors by downplaying the impact of the massive 2017 cyberattack known as “NotPetya” on its European subsidiary while executives shed company stock. Click to read entire article.

Whether it’s another DDoS attack isn’t clear, but fans are beginning to get frustrated and demanding refunds from Blizzard themselves. Click to read entire article.

$149,000: the average cost of a data breach for a small-to-medium-sized business, according to AppRiver. Click to read entire article.

The Northwest Territories is facing a lawsuit over a stolen laptop containing medical files that could include information on every resident in the territory. The files were not encrypted and contained data on all kinds of physical and mental-health services to anyone who sought care in the territory, including visitors. Click to read entire article.

Pearson, a British-owned education publishing company, is at the center of a lawsuit filed by an Illinois woman and her daughter over the handling of a data breach involving student personal information. Click to read entire article.

The City of Woodstock and the Woodstock Police Service are both suffering from cyber attacks. Woodstock’s top administrator, David Creery, confirmed the city had a network breach early Saturday morning around 4 a.m. when a virus entered its computer system preventing access to city email and data networks. Click to read entire article.

Fibre Internet service provider Cool Ideas has been beleaguered by distributed denial of service attacks (DDoS) over the past few weeks. This has severely degraded performance on its network, even causing an hours-long outage. Click to read entire article.

…India ranks 15 in the world with respect to the total cost of data breaches. Around 51% of them are due to the malicious attacks, within which 27% are due to glitches in the system and 22% are due to human error. Click to read entire article.