SUMMER

2020

Cyber Risk News, Vol. 221 – June 24, 2020

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Honda hit by ransomware attack, REvil ransomware gang launches auction site to sell stolen data, Bank Of America admits data breach with PPP, and more.

Ransomware Corner

Honda Hit by Ransomware: Attack Follows Major 2019 Data Breach

Honda has confirmed a cyber attack on its networks that is widely believed to have involved deployment of the “Snake” ransomware. The £22 billion by market capitalisation automotive giant has admitted that production, sales and development activities are all hit. Click to read entire article.

REvil Ransomware Gang Launches Auction Site to Sell Stolen Data

Ransomware gang takes extortion to a whole new level. Threatens to auction Madonna’s legal documents in a future auction. Click to read entire article.

Community Care Patient Seeks Class Action Lawsuit Against BST Over Ransomware Attack

A Community Care Physicians patient has filed a proposed class action complaint against the accounting firm BST & Co. after data was stolen in a data breach late last year. Click to read entire article.

Westech International Hacked by MAZE Ransomware

Using MAZE ransomware, hackers encrypted Westech’s machines and pressured the company to pay up or see their materials published online. At present, it is clear that the hackers were able to access sensitive employee information. What is not known is whether the hackers were able to access the company’s military classified information. Click to read entire article.

City of Knoxville Computer Network Hit by ‘Ransomware’ Attack

The city of Knoxville’s computer network was hit Thursday with an overnight ransomware attack, forcing a shutdown of the system and prompting the city to alert the FBI and TBI. Click to read entire article.

Hacker Stealing SQL Databases to Extort Online Shop Owners

A hacker has stolen at least 31 SQL databases containing 1,620,000 rows of information relating to the customers of online shops. Click to read entire article.

MSU Computer System Breached in Ransomware Attack

An official at Michigan State University said that a school computer system has been targeted by a ransomware attack threatening to publish student information. Click to read entire article.

Cyber Insurance Industry Outlook

Global Cyber Security Insurance Market Expected to Reach US$ 32,543.6 Mn by 2026: According to BlueWeave Consulting

According to a new market report published by BlueWeave Consulting, the global cyber security insurance market was valued at US$ 4,222.3 Mn in 2017 and is expected to expand at a CAGR of 25.3% from 2018 to 2026, reaching US$ 32,543.6 Mn by the end of the forecast period. Click to read entire article.

Financial Services

Bank Of America Admits Data Breach With PPP, Notifies Customers

The data breach confirmation notice filed with the California Attorney General’s Office revealed that the incident took place on April 22, 2020, when Bank of America (the Bank) uploaded some clients’ loan application information to the U.S. Treasury and Small Business Administration (SBA) test platform. Click to read entire article.

Healthcare

Parkview Health Decision Highlights Vicarious Data Breach Liability Risk in the United States

A recent decision in Indiana highlights the data security liability risks facing employers based on the actions of their employees, extending vicarious liability even to cases where the employees were acting wholly for personal purposes. Click to read entire article.

Pediatric Home Care Giant Aveanna Hit With Data Breach Suit

Patients have filed a lawsuit against Aveanna Healthcare over a monthlong data breach, alleging the provider lacked adequate security and failed to provide timely notice, among other claims. Click to read entire article.

Gaming

Nintendo Confirms Additional 140,000 Accounts Compromised in April Data Breach

In an initial statement on April 24, Nintendo acknowledged that around 160,000 accounts were affected by a security incident that led to the leak of personal identifiable information such as nicknames, date of birth, country, region, email address and gender. Click to read entire article.

Transportation

Amtrak Resets User Passwords After Guest Rewards Data Breach

“On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts,” Amtrak Guest Rewards Senior Director Vicky Radke says in a notice of data breach filed with the Office of the Vermont Attorney General. Click to read entire article.

Regulations

Coping with the California Class Action Gold Rush

The California Consumer Privacy Act (CCPA) has been in effect since January 1, 2020, and it’s packed a punch. Like prospectors who were drawn to California in 1948 with the hope of striking it rich, in the first five months of 2020, lawyers have filed at least 19 class actions alleging violations of the CCPA. Click to read entire article.

EasyJet Hit With £18B Class Action Testing Value Of Privacy

UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach. Click to read entire article.

Public Entity/ Gov

San Francisco Pension Plan Reports Data Breach

The San Francisco Employees’ Retirement System (SFERS) has reported that a data breach to one of its partners’ systems occurred in late February, potentially, exposing the information of 74,000 current and prior members of the fund. Click to read entire article.

State Reveals Data Breach in Unemployment System, Changes Made

The state’s unemployment insurance computer system suffered a data breach April 23 but the breach was short-lived and the state has not received any incidents of people having their data compromised. Click to read entire article.

Lawsuit Filed Over Ohio Pandemic Unemployment Data Breach

A class-action lawsuit has been filed against a global consulting firm that recently reported that some people who have applied for Pandemic Unemployment Assistance may have had their personal data exposed. Click to read entire article.

IT/Mobile/Cloud

Wishbone Breach: 40 Million Records Leaked on Dark Web

Popular with youngsters, Wishbone is an iOS and Android app which allows users to “compare anything.” The trove of data now available to all-comers includes usernames, email addresses, mobile numbers, gender, date-of-birth, Facebook and Twitter access tokens, MD5-hashed passwords and more. Click to read entire article.

Joomla Discloses Data Breach Affecting 2,700 Users

Joomla, a free and open-source content management system for publishing web content, developed by Open Source Matters, Inc., has disclosed a data breach which affects 2,700 individuals. Click to read entire article.

Experts Reaction On 26 Million LiveJournal Credentials Leaked Online

A database containing over 26 million unique LiveJournal user accounts, including plain text passwords, is being shared for free on multiple hacker forums. Click to read entire article.

Marketing

Airbonne International Discloses Data Breach Affecting Thousands of Californians

Earlier this month, Arbonne, a multi-level marketing company advertising vegan skincare, cosmetics, and nutrition products, disclosed a data breach affecting 3,527 California residents. Click to read entire article.

Quidd Data Breach Exposes 4 Million Users, Including Youngsters

According to IT portal, Quidd, the online marketplace for trading stickers, cards, toys, and other collectibles, has disclosed a data breach. Click to read entire article.

Home Chef Serves Up Data Breach for 8 Million Records

The hacking group ShinyHunters has hit a popular mail-order meal kit company, Home Chef. Home Chef’s customer records were leaked as a result of the breach, according to a notice posted on the company’s website stating that customer information including email addresses, names, phone numbers, encrypted passwords, and four digits of credit card numbers was exposed. Click to read entire article.

Privacy (Wrongful Collection)

Google Faces $5 Billion Lawsuit After Chrome Incognito Mode Was Discovered Collecting User Data

It appears the Google is still collecting data when you are using the incognito mode. Google is facing a $5 billion class-action lawsuit for enabling data collection in the incognito mode. Click to read entire article.

Higher Ed

Former Student Sues WSU Over December Data Breach

Wichita State University is facing a new lawsuit for a data breach in December that potentially compromised the personal data of thousands of former and current faculty, staff and students. Click to read entire article.

Cyber Loss Studies

Report: Average Data Breach Costs Public Companies $116m

The report, “Trends in Cybersecurity Breach Disclosures,” reviewed 639 cyber-security breaches at public companies since 2011 and found that the average cost of a cyber-breach to a publicly traded company was $116 million. Click to read entire article.

Canada

Coinsquare CEO Says Company Was Contacted About Potential Data Breach Affecting Thousands of Users Last Year

Coinsquare had indications over a year ago that thousands of its customer’s personal data had been breached, but only notified a handful at the time, BetaKit has learned. Click to read entire article.

CPA Canada Website Hit by Data Breach

National accounting organization Chartered Professional Accounts Canada (CPA Canada) has discovered that its website was breached by an unauthorized third party, potentially exposing the personal information of many members. Click to read entire article.

EU/UK

Babylon Health Admits GP App Suffered a Data Breach

Babylon Health has acknowledged that its GP video appointment app has suffered a data breach. Click to read entire article.

150,000s of e-Learning Students Exposed in 8Belts Data Breach

vpnMentor’s research team, led by Noam Rotem and Ran Locar, discovered a data breach belonging to the Spanish e-learning platform 8Belts, affecting 150,000s of people across the globe. Click to read entire article.

Homeworkers May See Employers Breach GDPR

One in ten homeworkers believed that the expected working practices imposed by their employer do not comply with privacy legislation. Click to read entire article.

Asia Pacific

ST Engineering Aerospace’s US Subsidiary Suffers Massive Data Breach

Singapore-based ST Engineering Aerospace’s United States subsidiary has suffered a massive ransomware attack, resulting in the exposure of confidential data such as contract details with various governments, government-related organizations and airlines. Click to read entire article.

Telkom Outages Caused by Ransomware Attack

Downtime across several Telkom systems, including its call centre, is due to a ransomware attack, MyBroadband has learned from sources. . . Speculation in the industry is that Telkom has fallen prey to the PonyFinal ransomware. Microsoft Security Intelligence posted about the attack on 27 May. Click to read entire article.

BigFooty.com Leaks 70 Million Records from Sports Fan Members

BigFooty, a popular Australian sports fan website, was found to be leaking around 132 GB (70 million records) of private information belonging to its 100,000 members. Click to read entire article.

BHIM Data Breach Exposes Financial Details of 7 Million Indians

The exposed data included biometric details, as well as banking records of individuals. Click to read entire article.

Truecaller Data Being Sold On Dark Web Doesn’t Belong to Its Users, Says Company

In yet again incident of data theft, an unidentified individual is selling personal data of 47.5 Mn Indians alleged to be users of caller ID app Truecaller on the dark web, according to cybersecurity research company Cyble. Click to read entire article.


Download 2019 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

SUMMER 2020

Register Today!

© 2020 NetDiligence All Rights Reserved.