We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Honda hit by ransomware attack, REvil ransomware gang launches auction site to sell stolen data, Bank Of America admits data breach with PPP, and more.
Honda has confirmed a cyber attack on its networks that is widely believed to have involved deployment of the “Snake” ransomware. The £22 billion by market capitalisation automotive giant has admitted that production, sales and development activities are all hit. Click to read entire article.
Ransomware gang takes extortion to a whole new level. Threatens to auction Madonna’s legal documents in a future auction. Click to read entire article.
A Community Care Physicians patient has filed a proposed class action complaint against the accounting firm BST & Co. after data was stolen in a data breach late last year. Click to read entire article.
Using MAZE ransomware, hackers encrypted Westech’s machines and pressured the company to pay up or see their materials published online. At present, it is clear that the hackers were able to access sensitive employee information. What is not known is whether the hackers were able to access the company’s military classified information. Click to read entire article.
The city of Knoxville’s computer network was hit Thursday with an overnight ransomware attack, forcing a shutdown of the system and prompting the city to alert the FBI and TBI. Click to read entire article.
A hacker has stolen at least 31 SQL databases containing 1,620,000 rows of information relating to the customers of online shops. Click to read entire article.
An official at Michigan State University said that a school computer system has been targeted by a ransomware attack threatening to publish student information. Click to read entire article.
Cyber Insurance Industry Outlook
According to a new market report published by BlueWeave Consulting, the global cyber security insurance market was valued at US$ 4,222.3 Mn in 2017 and is expected to expand at a CAGR of 25.3% from 2018 to 2026, reaching US$ 32,543.6 Mn by the end of the forecast period. Click to read entire article.
The data breach confirmation notice filed with the California Attorney General’s Office revealed that the incident took place on April 22, 2020, when Bank of America (the Bank) uploaded some clients’ loan application information to the U.S. Treasury and Small Business Administration (SBA) test platform. Click to read entire article.
A recent decision in Indiana highlights the data security liability risks facing employers based on the actions of their employees, extending vicarious liability even to cases where the employees were acting wholly for personal purposes. Click to read entire article.
Patients have filed a lawsuit against Aveanna Healthcare over a monthlong data breach, alleging the provider lacked adequate security and failed to provide timely notice, among other claims. Click to read entire article.
In an initial statement on April 24, Nintendo acknowledged that around 160,000 accounts were affected by a security incident that led to the leak of personal identifiable information such as nicknames, date of birth, country, region, email address and gender. Click to read entire article.
“On the evening of April 16, 2020, Amtrak determined that an unknown third party gained unauthorized access to certain Amtrak Guest Rewards accounts,” Amtrak Guest Rewards Senior Director Vicky Radke says in a notice of data breach filed with the Office of the Vermont Attorney General. Click to read entire article.
The California Consumer Privacy Act (CCPA) has been in effect since January 1, 2020, and it’s packed a punch. Like prospectors who were drawn to California in 1948 with the hope of striking it rich, in the first five months of 2020, lawyers have filed at least 19 class actions alleging violations of the CCPA. Click to read entire article.
UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach. Click to read entire article.
Public Entity/ Gov
The San Francisco Employees’ Retirement System (SFERS) has reported that a data breach to one of its partners’ systems occurred in late February, potentially, exposing the information of 74,000 current and prior members of the fund. Click to read entire article.
The state’s unemployment insurance computer system suffered a data breach April 23 but the breach was short-lived and the state has not received any incidents of people having their data compromised. Click to read entire article.
A class-action lawsuit has been filed against a global consulting firm that recently reported that some people who have applied for Pandemic Unemployment Assistance may have had their personal data exposed. Click to read entire article.
Popular with youngsters, Wishbone is an iOS and Android app which allows users to “compare anything.” The trove of data now available to all-comers includes usernames, email addresses, mobile numbers, gender, date-of-birth, Facebook and Twitter access tokens, MD5-hashed passwords and more. Click to read entire article.
Joomla, a free and open-source content management system for publishing web content, developed by Open Source Matters, Inc., has disclosed a data breach which affects 2,700 individuals. Click to read entire article.
A database containing over 26 million unique LiveJournal user accounts, including plain text passwords, is being shared for free on multiple hacker forums. Click to read entire article.
Earlier this month, Arbonne, a multi-level marketing company advertising vegan skincare, cosmetics, and nutrition products, disclosed a data breach affecting 3,527 California residents. Click to read entire article.
According to IT portal, Quidd, the online marketplace for trading stickers, cards, toys, and other collectibles, has disclosed a data breach. Click to read entire article.
The hacking group ShinyHunters has hit a popular mail-order meal kit company, Home Chef. Home Chef’s customer records were leaked as a result of the breach, according to a notice posted on the company’s website stating that customer information including email addresses, names, phone numbers, encrypted passwords, and four digits of credit card numbers was exposed. Click to read entire article.
Privacy (Wrongful Collection)
It appears the Google is still collecting data when you are using the incognito mode. Google is facing a $5 billion class-action lawsuit for enabling data collection in the incognito mode. Click to read entire article.
Wichita State University is facing a new lawsuit for a data breach in December that potentially compromised the personal data of thousands of former and current faculty, staff and students. Click to read entire article.
Cyber Loss Studies
The report, “Trends in Cybersecurity Breach Disclosures,” reviewed 639 cyber-security breaches at public companies since 2011 and found that the average cost of a cyber-breach to a publicly traded company was $116 million. Click to read entire article.
Coinsquare had indications over a year ago that thousands of its customer’s personal data had been breached, but only notified a handful at the time, BetaKit has learned. Click to read entire article.
National accounting organization Chartered Professional Accounts Canada (CPA Canada) has discovered that its website was breached by an unauthorized third party, potentially exposing the personal information of many members. Click to read entire article.
Babylon Health has acknowledged that its GP video appointment app has suffered a data breach. Click to read entire article.
vpnMentor’s research team, led by Noam Rotem and Ran Locar, discovered a data breach belonging to the Spanish e-learning platform 8Belts, affecting 150,000s of people across the globe. Click to read entire article.
One in ten homeworkers believed that the expected working practices imposed by their employer do not comply with privacy legislation. Click to read entire article.
Singapore-based ST Engineering Aerospace’s United States subsidiary has suffered a massive ransomware attack, resulting in the exposure of confidential data such as contract details with various governments, government-related organizations and airlines. Click to read entire article.
Downtime across several Telkom systems, including its call centre, is due to a ransomware attack, MyBroadband has learned from sources. . . Speculation in the industry is that Telkom has fallen prey to the PonyFinal ransomware. Microsoft Security Intelligence posted about the attack on 27 May. Click to read entire article.
BigFooty, a popular Australian sports fan website, was found to be leaking around 132 GB (70 million records) of private information belonging to its 100,000 members. Click to read entire article.
The exposed data included biometric details, as well as banking records of individuals. Click to read entire article.
In yet again incident of data theft, an unidentified individual is selling personal data of 47.5 Mn Indians alleged to be users of caller ID app Truecaller on the dark web, according to cybersecurity research company Cyble. Click to read entire article.