We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Texas courts hit by ransomware attack, ransomware shuts down Colorado hospital IT network amid COVID-19, judge approves $8.9m settlement for Banner Health data breach, and more.
Directors & Officer Liability
After LabCorp reported two cyberattacks in the past 12 months and lost value as a result, a shareholder has filed suit against the company, according to a HIPAA Journal report. …The AMCA data breach cost LabCorp $11.5 million, according to a Securities and Exchange Commission filing, but that number did not include total losses or the cost of subsequent litigation. Click to read entire article.
Ransomware Corner
System administrators discovered early Friday that hackers had taken over at least a portion of the statewide court network and demanded some form of ransom in return for restoring control. In a statement, the administration said the attack began “in the overnight hours” the same day it was discovered. Click to read entire article.
Parkview Medical Center is continuing to recover from a ransomware attack that shut down its IT network over a week ago; another ransomware attack and an email hack complete this week’s breach roundup. Click to read entire article.
In a letter to the Vermont attorney general office, ExecuPharm said it was hit by a ransomware attack on March 13, 2020, and attackers may have been accessed users’ sensitive data like social security numbers, taxpayer ID/EIN, driver’s license numbers, passport numbers, bank account numbers, credit card numbers, national insurance numbers, national ID numbers, IBAN/SWIFT numbers, and beneficiary information. Click to read entire article.
A computer hacker has attempted to extort money from Zaha Hadid Architects (ZHA) after breaking into its servers and stealing confidential information Click to read entire article.
The March 1 cyberattack by a ransomware group cut off access to the city’s own website. Click to read entire article.
Remote Working
Kaspersky detected a rapid increase in brute-force hacking attempts against the remote desktop protocol (RDP), given the record number of remote workforce amid the COVID-19 crisis. Click to read entire article.
Zoom videoconferencing platform, so popular with people forced to stay home because of the coronavirus pandemic, could be vulnerable to intrusions by foreign government spy services, according to a federal intelligence analysis obtained by ABC News. Click to read entire article.
Healthcare
Phoenix-based Banner Health will pay $8.9 million to end claims from a 2016 data breach that exposed personal information of 2.9 million patients, according to Bloomberg Law. Click to read entire article.
The confidential health information of nearly 2,000 heart patients of Houston Methodist Hospital is at risk following the mid-February theft of portable storage devices containing clinical data. Click to read entire article.
East Suburban Sports Medicine Center, an athletic training and physical therapy center with branches in Allegheny and Westmoreland counties, announced a data security breach that affected more than 500 Pennsylvania residents. Click to read entire article.
Newsgroup Tech
A massive security breach has taken at least one major Usenet provider offline. UseNext says that a “security hole in a partner company” could have revealed names and bank account information, exposing customers to fraud and identity theft. Click to read entire article.
Education Tech
Chegg has confirmed its third data breach in the past three years. The education tech giant, which last year acquired Thinkful for $80 million, said hackers stole 700 current and former employee records, including their names and Social Security numbers. Click to read entire article.
IT & Workforce Solutions
The incident involves an email phishing operation that targeted Kavaliro’s workforce as well as customers, using compromised email addresses belonging to two of the firm’s employees and also a spoofed domain to trick the targets. Click to read entire article.
Online Gaming
Hackers have gained access to hundreds of thousands of Nintendo accounts this April. Nintendo confirmed on Friday, April 24, that 160,000 accounts were breached since the beginning of the month. The Japanese video game company has since readdressed weak points in its security. Click to read entire article.
Higher Education
Michigan State University said a data breach that hit one of its software vendors has affected about 300 people who processed credit card payments through its ecommerce site. Click to read entire article.
The investigation into a data breach at Illinois Valley Community College now includes the FBI and the Illinois Attorney General’s Office. Click to read entire article.
UK/Europe
As a paid subscription service, Kinomap collects enormous amounts of data about its users, all of which was stored on an unsecured database. In total, the database was leaking over 42 million records, affecting people all over the world. Click to read entire article.
Latin America
Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. Click to read entire article.
Asia/Pacific
Tokopedia, one of the largest e-commerce companies in Indonesia, is investigating a rumored breach to more than 15 million of its customer accounts, a company representative said in a statement on Saturday. Click to read entire article.
One of Australia’s biggest telcos is the target of a class-action lawsuit after allegedly revealing information it shouldn’t have from 50,000 customers. Click to read entire article.