RESPONSE AND RESILIENCE

2020

Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: more ransomware attacks, more lawsuits, WaWa customer data for sale on the dark web, first wave of lawsuits citing CCPA hits the courts, and a study proposing that six big businesses could have saved $71 billion if they’d had proper antivirus solutions in place. Don’t miss the items in ORANGE below.

THE RANSOMWARE CORNER
Malware Destroys Data of 30,000 Fondren Orthopedic Patients

A malware incident damaged some Fondren Orthopedic medical records; ransomware, business email compromise, an email gaffe, phishing, and a payroll security incident complete this week’s breach roundup. Click to read entire article.

EKANS Ransomware Raises Industrial-Control Worries

…Although a relatively primitive attack, the EKANS ransomware actively targets certain products common in ICS environments, says Joe Slowik, an adversary hunter with Dragos. Click to read entire article.

Ransomware Strikes News Monitoring Service Platform TVEyes

TVEyes, a platform for monitoring TV and radio news broadcasts, has taken down its operations due to a ransomware hit. In a tweet, TVEyes confirmed that its core server and engineering workstations in the U.S. were affected by ransomware, causing an outage to operations. Click to read entire article.

Teachers and administrators forced offline after cyber attacker breaches district

The school collected attendance on paper … after an unknown digital attacker breached MVLA digital systems, locking many district teachers and administrators out of their MVLA Microsoft accounts and in some cases, other necessary accounts such as Gmail and Aeries, according to MVHS Principal David Grissomlbany International Airport announced this week that its administrative computers had been locked down by a crypto virus on Christmas Day. Click to read entire article.

HIGHER EDUCATION
Phishing attack exposes data for over 5,000 people at St. Louis Community College

The college said the attacks targeted former and current students and employees and gave the criminals access to the data stored in their email accounts. The sensitive information accessed included names, student identification numbers, dates of birth, addresses, phone numbers, and email addresses. In total, 5,127 individuals had their information exposed. Click to read entire article.

ONLINE GAMING
Epic Games Wins Arbitration Bid for Fortnite Breach Lawsuit (1)

A Fortnite user suing over a 2019 breach said to potentially expose the information of 200 million users must arbitrate his allegations of lax company data security, a federal judge in North Carolina ruled. Click to read entire article.

HEALTHCARE
5 hospitals, health systems facing lawsuits after cyberattack

Along with the uptick in cybersecurity incidents at hospitals and health systems, patients have begun to take action in response to their data potentially being mishandled. Click to read entire article.

UnitedHealthcare notifies nearly 1,000 members of data breach

The health insurer began notifying affected members Dec. 10 about the incident. UnitedHealthcare discovered that an unauthorized third party had gained access to members’ health information through a care provider’s portal between July 30 and Nov. 13, 2019. Click to read entire article.

Pennsylvania hospital investigates payroll system data breach

Meadville (Pa.) Medical Center began notifying employees Jan. 23 about a data breach within its payroll system, according to the Meadville Tribune. Click to read entire article.

Chicago Healthcare Provider Sinai Health System Hit With Data Breach

According to a statement, Sinai Health System (Sinai) became aware of a potential data security incident that may have resulted in the in advertent exposure of some patients’ personal and health information. On October 16, 2019, forensic information technology experts determined that patient information could be at risk after an unknown third party gained unauthorized access to two employee email accounts. Click to read entire article.

RETAIL
Hackers Put 30 Million Wawa Customers’ Data for Sale

Security pros from threat intelligence firm Gemini Advisory revealed that hackers kept payment card details of Wawa’s customers on “Joker’s Stash” a dark web marketplace for trading stolen cards data. Click to read entire article.

CASINO
Golden Entertainment addresses data breach

Golden Entertainment has notified customers, employees, and vendors of an incident involving unauthorised access to employee’ email accounts. Click to read entire article.

PRIVACY ETHICS (WRONGFUL DATA COLLECTION/SHARING)
Zuckerberg pledges Facebook privacy upgrades after US$550M facial recognition settlement

Facebook Inc has reached a US$550-million settlement of claims it collected and stored millions of users’ biometric data without their consent, as chief executive Mark Zuckerberg pledged better protections for users to address privacy concerns that have dogged the social media company. Click to read entire article.

PRIVACY REGULATION
—CCPA ALERT—
Salesforce Data Breach Suit Cites California Privacy Law

Salesforce.com Inc. and a children’s clothing company face data-breach allegations in a federal court lawsuit that is among the first to cite California’s landmark privacy law since it took effect Jan. 1. Click to read entire article.

IoT HOME DEVICES
Families Are Suing Ring Over Hacked Home Security Cameras: ‘It Was from a Horror Film’

Two couples who both allege their Ring cameras were hacked have filed suit against the company, claiming the invasion of privacy was “terrifying” and has caused emotional distress and anxiety. Click to read entire article.

CANADA
4.7M of B.C.’s 5M residents may have been impacted by LifeLabs cyberattack: privacy commissioner

So far in the investigation, it appears that an estimated 4.7 million British Columbians may have been impacted by a data breach at a medical laboratory company late last year. Click to read entire article.

UK/EUROPE
Exclusive: Data breach exposes 17,000 yachting industry professionals

A data breach at UK-based Crew and Concierge Limited has exposed the personal data of 17,379 people of 50 different nationalities working in the yachting industry. Click to read entire article.

Data Breach Forces Shutdown at UK Skin and Bone Manufacturer

A British medical products developer that creates skin, bone and organ grafts has shut its manufacturing plant in the US after it suffered a cybersecurity breach. Click to read entire article.

Sodinokibi ransomware attack cripples Gedia Automotive Group’s IT network

German automotive parts manufacturer Gedia Automotive Group became the latest victim of the global scourge of ransomware infections after a hacker group used the Sodinokibi ransomware to gain control over the company’s entire IT infrastructure. Click to read entire article.

ASIA/PACIFIC
Antivirus would have saved these businesses $71 billion in 2019

Data gathered and calculated by Precisecurity.com shows that Adobe, Facebook, First American Corporation, Health Sciences Authority, Ministry of Health (Singapore), and Quest Diagnostics could have saved the amount if they had proper antivirus solutions in place. Click to read entire article.

India’s largest private-held carriers SpiceJet data breach affects 1.2 million passengers

A data breach has hit one of India’s largest privately-held carriers, SpiceJet, affecting 1.2 million passengers in the country. Security researchers who first revealed the data breach told TechCrunch that they gained access to the carrier’s systems by brute-forcing the system’s easily guessable password. Click to read entire article.


Vol. 217 – February 19, 2020

Download 2019 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

RESPONSE AND RESILIENCE

Register Today!

© 2020 NetDiligence All Rights Reserved.


Fatal error: Uncaught wfWAFStorageFileException: Unable to verify temporary file contents for atomic writing. in /home/netd/public_html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:52 Stack trace: #0 /home/netd/public_html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(659): wfWAFStorageFile::atomicFilePutContents('/home/netd/publ...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/netd/public_html/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 52