Cyber Risk News, Vol. 218 – March 18, 2020

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: ransomware attacks occurring in virtually every business sector, lawsuits filed against MGM and UW Medicine for 2019 data breaches, security vulnerabilities in the cannabis industry, a hacker group breaching AWS servers, French critical infrastructure firms hacked as part of an extended malware campaign, and more.

Ransomware Corner

Casinos in Las Vegas Hit by Suspected Ransomware Attack

Slot machines in two Las Vegas casinos were out of action for almost a week in an incident that bears all the hallmarks of a ransomware attack. Click to read entire article.

Tesla, SpaceX Parts Manufacturer Suffers Data Breach

Visser Precision, a maker of parts for the aerospace, automotive, industrial, and manufacturing industries, has confirmed a security incident likely caused by the DoppelPaymer ransomware. Click to read entire article.

US Railroad Contractor Reports Data Breach After Ransomware Attack

RailWorks Corporation, one of North America’s leading railroad track and transit system providers, disclosed a ransomware attack that led to the exposure of personally identifiable information of current and former employees, their beneficiaries and dependents, as well as that of independent contractors. Click to read entire article.

Nebraska Health-Care Consultant Hit with Cyberattack

Lincoln-based NRC Health, which provides performance analytics and management services for health-care companies, announced that it was breached by a Feb. 11 ransomware attack. The FBI has been notified. Click to read entire article.

Accounting Firm Ransomware Hack Affects Community Care Patient Data

New York-based accounting firm BST was recently infected with Maze malware, which potentially compromised patient data from Community Care Physicians. Click to read entire article.

Reading Light Hit By Ransomware Breach, Financial Data Secure

The Reading Municipal Light Department was the target of a ransomware security breach Friday, the utility said Monday. Click to read entire article.

“Be Prepared” – The Magic Words of Ransomware Mitigation

Unfortunately, not all businesses are so prepared. Many get hit and then fall into a state of panicked inertia, too concerned with the ‘how’ and ‘why,’ and too scared of making missteps in response. Click to read entire article.

Hospitality

MGM Sued for 2019 Data Breach

Plaintiff has filed a class-action lawsuit against MGM Resorts International on behalf of himself and others similarly situated in regards to a data breach that occurred in July 2019. Identifying information of more than 10.6 million guests was allegedly shared online. Click to read entire article.

Retail

Slickwraps Apologizes to Customers After Comically Bad Data Breach

What’s unusual about this case is how the hacker apparently breached Slickwraps’ systems: not by discovering the vulnerability on their own, but by reading a now-deleted Medium post from an anonymous fellow hacker. Click to read entire article.

Healthcare

UW Medicine Faces Class-Action Lawsuit Following Data Breach That Affected 974,000 Patients

In February 2019, UW Medicine officials notified 974,000 patients of a data error that allowed their information to be viewable in internet searches. UW Medicine became aware of the incident Dec. 26, 2018, and took immediate action to remove the patient files from the internet. An internal human error made the patient files accessible. Click to read entire article.

Harris Health System Warns Nearly 2,300 Patients of Possible Privacy Breach After Personal Files Lost

Officials said two envelopes containing 143 pages of protected health information were lost while they were being transported to Ben Taub Hospital. Click to read entire article.

Advocate Aurora’s HR System Breached in Email Phishing Campaign

The personal information of some current and former Advocate Aurora Health employees, including their Social Security numbers and bank accounts, might have been compromised in an email phishing campaign. The Milwaukee- and Downers Grove, Illinois-based health system said the early January breach gave an unauthorized individual temporary access to a human resource system that houses personal information of former and current employees. Click to read entire article.

Mobile App

Walgreens Reports Data Breach from Personal Mobile Messaging App Error

A report filed with California shows that an internal error in the Walgreens messaging app made personal messages stored in its database viewable by other customers. Click to read entire article.

K-12 Schools

Data Breach Exposed Some Lincoln County Schools Workers’ Private Information

The company that handles the district’s employee benefits plan, Interactive Medical Systems Corporation, said it was attacked in a phishing scam. Click to read entire article.

Ransomware Scare at Spartanburg District One

The school’s computer systems are up and running now, but were shut down for two days last week. That shut-down was part of a process to keep information safe. Click to read entire article.

Detectives Investigate Data Breach at Jefferson County School District

The Jefferson County Sheriff’s Office is trying to determine the full extent of a data breach at the Hillsboro R-3 School District, but believes there could end up being dozens of victims. Click to read entire article.

Transportation/Logistics

UPDATE: TQL Says Data Breach Was Not Malware or Ransomware Attack

Total Quality Logistics (TQL) says it will continue to work with an expert cybersecurity firm to find out how external hackers breached its IT systems and gained access to some carriers’ sensitive business information. Tom Millikin, corporate communications manager of TQL, told FreightWaves the data breach was not a malware or ransomware attack. Click to read entire article.

Cyber Cannabis

Data Breach Exposes Cannabis Industry Security Vulnerabilities

A significant data breach involving software that is widely used by cannabis dispensaries spotlights the industry’s critical need to secure its customers’ personally identifiable information. The incident involved an unsecured and unencrypted database containing approximately 85,000 files that included sensitive medical data. Click to read entire article.

Cloud

Rootkit in the Cloud: Hacker Group Breaches AWS Servers

A sophisticated hacker group pwned Amazon Web Services (AWS) servers, set up a rootkit that let them remotely control servers, then merrily funnelled sensitive corporate data home to its command and control (C2) servers from a range of compromised Windows and Linux machines inside an AWS data centre. Click to read entire article.

How the Cloud Has Opened New Doors for Hackers

Easy remote access has helped transform many companies’ computer systems from electronic fortresses to entities more like coffee shops with people and services streaming to and fro. Click to read entire article.

Technology

Facial Recognition Biz Clearview AI Suffers Data Breach

A controversial facial recognition company has just informed its customers of a data breach in which its entire client list was stolen. Clearview AI leapt to fame in January when a New York Times report claimed that the start-up had scraped up to three billion images from social media sites to add to its database. Click to read entire article.

Smart Camera Startup Wyze Sued Following Data Breach That Exposed Customer Information

A Wyze Labs customer is suing the Seattle smart security camera maker following a data breach last year that exposed personal information of approximately 2.4 million users. Click to read entire article.

Canada

Desjardins Data Breach Costs £30m More Than Anticipated

Desjardins chief executive Guy Cormier has announced that the data breach that the Canadian credit union suffered in 2019 cost it £84.54 million to address instead of the £54.80 it had estimated. Click to read entire article.

Hackers Infiltrate Computer Systems at B.C. Paper Mills

Production has been impacted at three B.C. mills after the IT systems at Paper Excellence Canada were found to be infiltrated with malware. Click to read entire article.

Canada Data Breach: 360,000 Teachers in Quebec Potentially Impacted

The government of Quebec has admitted to a data breach potentially impacting around 360,000 teachers employed in the Canadian province. Click to read entire article.

Personal Information of Students, Faculty, Alumni Leaked in SFU Ransomware Attack

Simon Fraser University says the personal information of students, faculty, staff and alumni was exposed Thursday following a ransomware attack. Click to read entire article.

UK/Europe

French Firms Rocked by Kasbah Hacker?

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. Click to read entire article.

U.K.’s Financial Conduct Authority Admits to Accidental Data Breach

The U.K.’s Financial Conduct Authority (FCA) apologized after it accidentally exposed the confidential details of around 1,600 consumers who complained against it, in response to a Freedom of Information (FoI) request for data. Click to read entire article.

Hackers Steal Customer Data from UK FinTech Loqbox

A UK-based fintech was hit by a “sophisticated” cyber-attack last month, compromising the payment information and personal details of its customers. Click to read entire article.

Tesco Issues 620,000 New Clubcards to Account Holders After Discovering a Potential Data Breach

Tesco has blocked 620,000 Clubcard accounts and reissued loyalty cards after the supermarket uncovered a potential data breach. Click to read entire article.



© 2020 NetDiligence All Rights Reserved.