SUMMER

2020

Cyber Risk News, Vol. 220 – May 20, 2020

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Texas courts hit by ransomware attack, ransomware shuts down Colorado hospital IT network amid COVID-19, judge approves $8.9m settlement for Banner Health data breach, and more.

Directors & Officer Liability

Labcorp Faces Shareholder Lawsuit After 2 Cyberattacks in 12 Months: 5 Details

After LabCorp reported two cyberattacks in the past 12 months and lost value as a result, a shareholder has filed suit against the company, according to a HIPAA Journal report. …The AMCA data breach cost LabCorp $11.5 million, according to a Securities and Exchange Commission filing, but that number did not include total losses or the cost of subsequent litigation. Click to read entire article.

Ransomware Corner

Texas Courts Hit by Ransomware Attack

System administrators discovered early Friday that hackers had taken over at least a portion of the statewide court network and demanded some form of ransom in return for restoring control. In a statement, the administration said the attack began “in the overnight hours” the same day it was discovered. Click to read entire article.

Ransomware Shuts Down Colorado Hospital IT Network Amid COVID-19

Parkview Medical Center is continuing to recover from a ransomware attack that shut down its IT network over a week ago; another ransomware attack and an email hack complete this week’s breach roundup. Click to read entire article.

ExecuPharm Suffers Ransomware Attack, Hackers Published Data on Darknet

In a letter to the Vermont attorney general office, ExecuPharm said it was hit by a ransomware attack on March 13, 2020, and attackers may have been accessed users’ sensitive data like social security numbers, taxpayer ID/EIN, driver’s license numbers, passport numbers, bank account numbers, credit card numbers, national insurance numbers, national ID numbers, IBAN/SWIFT numbers, and beneficiary information. Click to read entire article.

Zaha Hadid Architects Held to Ransom by Cyberhacker

A computer hacker has attempted to extort money from Zaha Hadid Architects (ZHA) after breaking into its servers and stealing confidential information Click to read entire article.

Hackers Stole Sensitive Information in Torrance Cyberattack

The March 1 cyberattack by a ransomware group cut off access to the city’s own website. Click to read entire article.

Remote Working

COVID-19 Remote Work Causes Spike in Brute-Force RDP Cyberattacks

Kaspersky detected a rapid increase in brute-force hacking attempts against the remote desktop protocol (RDP), given the record number of remote workforce amid the COVID-19 crisis. Click to read entire article.

Intel Report Warns Zoom Could Be Vulnerable to Foreign Surveillance

Zoom videoconferencing platform, so popular with people forced to stay home because of the coronavirus pandemic, could be vulnerable to intrusions by foreign government spy services, according to a federal intelligence analysis obtained by ABC News. Click to read entire article.

Healthcare

Judge Approves $8.9M Settlement for Banner Health Data Breach

Phoenix-based Banner Health will pay $8.9 million to end claims from a 2016 data breach that exposed personal information of 2.9 million patients, according to Bloomberg Law. Click to read entire article.

Methodist Patient Information Breached

The confidential health information of nearly 2,000 heart patients of Houston Methodist Hospital is at risk following the mid-February theft of portable storage devices containing clinical data. Click to read entire article.

East Suburban Clinic Reports Data Breach Affecting 500 Patients

East Suburban Sports Medicine Center, an athletic training and physical therapy center with branches in Allegheny and Westmoreland counties, announced a data security breach that affected more than 500 Pennsylvania residents. Click to read entire article.

Newsgroup Tech

Massive & Unprecedented Security Breach Takes Usenet Providers Offline

A massive security breach has taken at least one major Usenet provider offline. UseNext says that a “security hole in a partner company” could have revealed names and bank account information, exposing customers to fraud and identity theft. Click to read entire article.

Education Tech

Hackers Hit Chegg for the Third Time Since 2018

Chegg has confirmed its third data breach in the past three years. The education tech giant, which last year acquired Thinkful for $80 million, said hackers stole 700 current and former employee records, including their names and Social Security numbers. Click to read entire article.

IT & Workforce Solutions

Kavaliro IT Solutions Announced a Breach Which Exposed Customer Data

The incident involves an email phishing operation that targeted Kavaliro’s workforce as well as customers, using compromised email addresses belonging to two of the firm’s employees and also a spoofed domain to trick the targets. Click to read entire article.

Online Gaming

Incident of the Week: Nintendo Investigating 160,000 Account Breaches

Hackers have gained access to hundreds of thousands of Nintendo accounts this April. Nintendo confirmed on Friday, April 24, that 160,000 accounts were breached since the beginning of the month. The Japanese video game company has since readdressed weak points in its security. Click to read entire article.

Higher Education

Michigan State Grapples with Data Breach in Third-Party Software

Michigan State University said a data breach that hit one of its software vendors has affected about 300 people who processed credit card payments through its ecommerce site. Click to read entire article.

Latest On IVCC Data Breach

The investigation into a data breach at Illinois Valley Community College now includes the FBI and the Illinois Attorney General’s Office. Click to read entire article.

UK/Europe

Data Breach Report: Kinomap, Exercise App, Exposes 42 Million User Records

As a paid subscription service, Kinomap collects enormous amounts of data about its users, all of which was stored on an unsecured database. In total, the database was leaking over 42 million records, affecting people all over the world. Click to read entire article.

Latin America

Hackers Say They Stole Millions of Credit Cards From Banco BCR

Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. Click to read entire article.

Asia/Pacific

Tokopedia Investigates Data Breach Compromising 15m User Accounts

Tokopedia, one of the largest e-commerce companies in Indonesia, is investigating a rumored breach to more than 15 million of its customer accounts, a company representative said in a statement on Saturday. Click to read entire article.

Maurice Blackburn Lead Class Action Against Optus Over Data Breach

One of Australia’s biggest telcos is the target of a class-action lawsuit after allegedly revealing information it shouldn’t have from 50,000 customers. Click to read entire article.


Tags:

Download 2019 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

SUMMER 2020

Register Today!

© 2020 NetDiligence All Rights Reserved.