SUMMER

2020

Cyber Risk News, Vol. 219 – April 22, 2020

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: drug testing firm sends data breach alerts after ransomware attack, Finastra hit by ransomware attack, Cincinnati firm faces $5m data breach lawsuit, NY SHIELD Act’s data security requirements are effective March 21, and more. Don’t miss the items in ORANGE below.

THE RANSOMWARE CORNER
Drug testing firm sends data breach alerts after ransomware attack

Hammersmith Medicines Research LTD (HMR), a research company on standby to perform live trials of Coronavirus vaccines, has started emailing data breach notifications after having their data stolen and published in a ransomware attack. Click to read entire article.

Stockdale Radiology Is Circulating Notices About a Data Breach

The Stockdale Radiology medical diagnostics and analysis center is circulating notices of a data breach to its patients. It appears the company fell victim to a ransomware attack on January 17, 2020, with the network intruders managing to access locally stored patient data. Click to read entire article.

Finastra Hit by Ransomware Attack, Shuts Down Servers

Finastra, a fintech firm that provides technology solutions to banks globally, announced that it shut down its key systems due to a security breach discovered on March 20, 2020. Finastra provides financial technology services to 90 top-rated banks across 130 countries globally. Click to read entire article.

Cyber gangsters hit UK medical firm poised for work on coronavirus with Maze ransomware attack

Cyber gangsters have attacked the computer systems of a medical research company on standby to carry out trials of a possible future vaccine for the Covid-19 coronavirus. Click to read entire article.

Beaumont dental clinic breached by ransomware attack

Rainbow Dental Care, PLLC (Rainbow) has notified patients of a security breach that occurred last year. Click to read entire article.

Emotet Took Down A Network By Overheating All Computers – Expert Reaction

Microsoft says that an Emotet infection was able to take down an organisation’s entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked into opening a phishing email attachment. Click to read entire article.

REMOTE WORKING
—SEE FREE “WORK FROM HOME” CYBERSECURITY POLICY INSIDE THE ERISKHUB®—
Are remote workers a security risk to your business?

The popularity of working from home has steadily increased over the last 15 years, and is now estimated at 4.7 million employees — a 173% increase since 2005. This trend is likely to continue for the foreseeable future, even without the catalyst of a public health emergency. Click to read entire article.

TRANSPORTATION/LOGISTICS
Cincinnati Firm Faces $5m Data Breach Lawsuit

A Cincinnati freight brokerage company is facing a $5m lawsuit over a data breach that occurred last month. Computer systems at Total Quality Logistics (TQL) were compromised in a cyber-attack that took place on February 23. Customer and carrier information was exposed after threat actors breached the company’s online web portal. Click to read entire article.

Norwegian Cruise Line Hit By Data Breach As COVID-19 Continues To Impact Travel Industry

The threat intelligence team at DynaRisk is always monitoring the dark web for stolen data. On March 13, it found a breached database belonging to Norwegian Cruise Line. That database contained 29,969 records, of which 24,602 were unique. The data in question relates to travel agents, including Co-operative Travel, Hays Travel, TUI and Virgin Holidays, which had used a regional Norwegian Cruise Line partner portal. Click to read entire article.

TECHNOLOGY/MANUFACTURING
—VENDOR CAUSED—
GE Employees Lit Up with Sensitive Doc Breach

A phisher’s treasure chest of personally identifiable information (PII) for General Electric employees has been exposed – thanks to the compromise of one of the company’s partners, Canon Business Process Services. Click to read entire article.

Slickwraps slapped with class action lawsuit after data breach

The suit, Almeida et al. v. Slickwraps Inc., was filed on March 12th in California’s Eastern District Court. It alleges that Slickwraps “was well aware that it had lax data security measures and did absolutely nothing to prevent the very kind of cyber security incident that occurred.” Click to read entire article.

ONLINE GAMING
—CLASS ACTION ALERT—
Zynga Data Breach

A federal class action claims Zynga allowed hackers to compromise 173 million of its video game accounts, exposing users’ personal information. Click to read entire article.

PUBLIC ENTITY
Oregon Department of Human Services notifies public of data breach

On March 6, the Oregon Department of Human Services (DHS) uncovered a phishing incident that affected one staff member’s email. Click to read entire article.

Computer intrusion hits Maryland Public Defender’s Office

The state judiciary blocked all Public Defender’s Office employees from using the Maryland Electronic Courts system after the “intrusion” compromised a server, The Capital Gazette reported Tuesday. Click to read entire article.

HEALTHCARE
Healthcare Resource Group, Inc. Provides Notice of a Data Breach

Healthcare Resource Group, Inc. (“HRG”) is providing notice on behalf of Barlow Respiratory Hospital (“Barlow”) of an incident that may affect the security of certain personal information relating to current and former Barlow patients. Click to read entire article.

VA Sierra Nevada Health advises veteran patients, families of potential privacy breach

In January, a vacated office at the medical center was found to contain several boxes of veteran records. The files contained patient identifying information and/or protected health information of 680 veterans. Click to read entire article.

Kentucky University & UK Healthcare End Month-Long Malware Attack

Hackers from outside the United States compromised University of Kentucky computer networks to mine cryptocurrency in a large malware attack. Click to read entire article.

Nebraska eye center’s data breached

The eye center said it became aware of a breach Jan. 13, when malware was introduced by a third party into the center’s computer systems. Patient health information including first and last names and retinal images were encrypted. Click to read entire article.

FINANCIAL SERVICES
Financial companies leak 425GB in company, client data through open database

vpnMentor researchers led by Noam Rotem said the database appears to be connected to MCA Wizard, a now-defunct app that appears to have been developed by Advantage Capital Funding and Argus Capital Funding. Click to read entire article.

RETAIL
Macy’s Faces Class Action Lawsuit After October Data Breach

A data breach case against Macy’s, originally filed in Massachusetts state court, has been removed to federal court. The complaint claims a data security breach took place between October 7 and October 15, 2019, during which hackers stole personal consumer information from Macy’s website. Click to read entire article.

PRIVACY ETHICS (WRONGFUL DATA COLLECTION/SHARING)
—LAWSUIT ALERT, CCPA ALLEGATION—
Zoom Lessons Learned: Vendor Privacy and Security Risks during COVID-19

The company was hit with a class action lawsuit claiming that Zoom illegally shared millions of users’ personal information with Facebook and failed to protect their personal information. Click to read entire article.

REGULATION UPDATES
NY SHIELD Act’s Data Security Requirements Are Effective March 21 – Is Your Organization Ready?

The New York “Stop Hacks and Improve Electronic Data Security Act” or “SHIELD Act” expands data breach reporting requirements and requires organizations to implement an information security program to protect the “private information” of New York State residents, including employee and consumer data. Click to read entire article.

CCPA Class Action Lawsuits Are Coming. Are You Ready?

The only certainties in life used to be death and taxes. In 2020, it would be safe to add California Consumer Privacy Act (CCPA) class actions to that “distinguished” list. Click to read entire article.

CANADA
Rogers Data Breach Exposed Customer Info in Unsecured Database

Canadian ISP Rogers Communications has begun to notify customers of a data breach that exposed their personal information due to an unsecured database. Click to read entire article.

UK/EUROPE
Email provider got hacked, data of 600,000 users now sold on the dark web

…Following the failed extortion attempt, the hackers are now selling the company’s data for an asking price that varies between 0.5 and 3 bitcoin ($3,500 and $22,000). Click to read entire article.

Printing Company Doxzoo Leaks Military Documents in Security Breach

Up to 100,000 customers in Britain, including businesses and some military organisations, have had 343 gigabytes worth of documents exposed online. Click to read entire article.

ASIA/PACIFIC
Government Services Minister spectacularly backflips on MyGov cyberattack claim

Government Services Minister Stuart Robert has backflipped on claims the MyGov website was subject to a crippling cyberattack which caused it to crash. Click to read entire article.

Sina Weibo Suffered Data Breach Exposing 538 Million Records Now On Sale

Chinese microblogging giant Sina Weibo has now made it to the news owing to a security incident. Weibo suffered a data breach exposing 538 million records. What’s concerning is that the stolen data is now for sale on the dark web. Click to read entire article.


Download 2019 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

© 2020 NetDiligence All Rights Reserved.