We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: more ransomware attacks, more lawsuits, WaWa customer data for sale on the dark web, first wave of lawsuits citing CCPA hits the courts, and a study proposing that six big businesses could have saved $71 billion if they’d had proper antivirus solutions in place. Don’t miss the items in ORANGE below.
A malware incident damaged some Fondren Orthopedic medical records; ransomware, business email compromise, an email gaffe, phishing, and a payroll security incident complete this week’s breach roundup. Click to read entire article.
…Although a relatively primitive attack, the EKANS ransomware actively targets certain products common in ICS environments, says Joe Slowik, an adversary hunter with Dragos. Click to read entire article.
TVEyes, a platform for monitoring TV and radio news broadcasts, has taken down its operations due to a ransomware hit. In a tweet, TVEyes confirmed that its core server and engineering workstations in the U.S. were affected by ransomware, causing an outage to operations. Click to read entire article.
The school collected attendance on paper … after an unknown digital attacker breached MVLA digital systems, locking many district teachers and administrators out of their MVLA Microsoft accounts and in some cases, other necessary accounts such as Gmail and Aeries, according to MVHS Principal David Grissomlbany International Airport announced this week that its administrative computers had been locked down by a crypto virus on Christmas Day. Click to read entire article.
The college said the attacks targeted former and current students and employees and gave the criminals access to the data stored in their email accounts. The sensitive information accessed included names, student identification numbers, dates of birth, addresses, phone numbers, and email addresses. In total, 5,127 individuals had their information exposed. Click to read entire article.
A Fortnite user suing over a 2019 breach said to potentially expose the information of 200 million users must arbitrate his allegations of lax company data security, a federal judge in North Carolina ruled. Click to read entire article.
Along with the uptick in cybersecurity incidents at hospitals and health systems, patients have begun to take action in response to their data potentially being mishandled. Click to read entire article.
The health insurer began notifying affected members Dec. 10 about the incident. UnitedHealthcare discovered that an unauthorized third party had gained access to members’ health information through a care provider’s portal between July 30 and Nov. 13, 2019. Click to read entire article.
Meadville (Pa.) Medical Center began notifying employees Jan. 23 about a data breach within its payroll system, according to the Meadville Tribune. Click to read entire article.
According to a statement, Sinai Health System (Sinai) became aware of a potential data security incident that may have resulted in the in advertent exposure of some patients’ personal and health information. On October 16, 2019, forensic information technology experts determined that patient information could be at risk after an unknown third party gained unauthorized access to two employee email accounts. Click to read entire article.
Security pros from threat intelligence firm Gemini Advisory revealed that hackers kept payment card details of Wawa’s customers on “Joker’s Stash” a dark web marketplace for trading stolen cards data. Click to read entire article.
Golden Entertainment has notified customers, employees, and vendors of an incident involving unauthorised access to employee’ email accounts. Click to read entire article.
Facebook Inc has reached a US$550-million settlement of claims it collected and stored millions of users’ biometric data without their consent, as chief executive Mark Zuckerberg pledged better protections for users to address privacy concerns that have dogged the social media company. Click to read entire article.
Salesforce.com Inc. and a children’s clothing company face data-breach allegations in a federal court lawsuit that is among the first to cite California’s landmark privacy law since it took effect Jan. 1. Click to read entire article.
Two couples who both allege their Ring cameras were hacked have filed suit against the company, claiming the invasion of privacy was “terrifying” and has caused emotional distress and anxiety. Click to read entire article.
So far in the investigation, it appears that an estimated 4.7 million British Columbians may have been impacted by a data breach at a medical laboratory company late last year. Click to read entire article.
A data breach at UK-based Crew and Concierge Limited has exposed the personal data of 17,379 people of 50 different nationalities working in the yachting industry. Click to read entire article.
A British medical products developer that creates skin, bone and organ grafts has shut its manufacturing plant in the US after it suffered a cybersecurity breach. Click to read entire article.
German automotive parts manufacturer Gedia Automotive Group became the latest victim of the global scourge of ransomware infections after a hacker group used the Sodinokibi ransomware to gain control over the company’s entire IT infrastructure. Click to read entire article.
Data gathered and calculated by Precisecurity.com shows that Adobe, Facebook, First American Corporation, Health Sciences Authority, Ministry of Health (Singapore), and Quest Diagnostics could have saved the amount if they had proper antivirus solutions in place. Click to read entire article.
A data breach has hit one of India’s largest privately-held carriers, SpiceJet, affecting 1.2 million passengers in the country. Security researchers who first revealed the data breach told TechCrunch that they gained access to the carrier’s systems by brute-forcing the system’s easily guessable password. Click to read entire article.