We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers used ransomware to extort $1.4m via UCSF networks, the $6 trillion heist avoiding global attention, Magellan Health data breach victim tally reaches 365K patients, and more.
Ransomware Corner
Hackers successfully extorted $1.14 million from the University of California San Francisco after breaching its internal networks with malicious ransomware. Click to read entire article.
Criminal hackers demanding ransom from a leading Indian financial company once more highlighted vulnerability of an Internet-dependent economy against cybercriminals – and insufficient law-enforcement infrastructure and seriousness to tackle them. Click to read entire article.
The extent of the ransomware attack that hit Arizona-based Magellan Health in April became clear this week, with eight Magellan Health affiliates and healthcare providers reporting breaches stemming from the incident to the Department of Health and Human Services. Click to read entire article.
A class-action lawsuit seeking $99 million in damages has been lodged against a Tampa-based health care provider for alleged negligence in a ransomware breach of patient and employee records. Click to read entire article.
Grays Harbor Community Hospital and Harbor Medical Group was hit with a ransomware attack in June 2019, where hackers demanded a $1 million ransom; the proposal will settle claims of negligence. Click to read entire article.
Mobile App
A massive data leak discovered on the technical database of popular casino gambling app Cubillion exposed daily activities and personal identifiable information of millions of users, according to vpnMentor researchers. Click to read entire article.
This month, WizCase researchers discovered 5 separate data leaks of personal information belonging to dating app users in the US, Japan and South Korea. Click to read entire article.
Public Entity
A data breach in June that exposed thousands of sensitive law enforcement reports from Maine’s police intelligence center has slowed the secretive unit’s daily operations and forced its staff to spend time combing through the documents to notify people, including criminal suspects, that their personal information was leaked. Click to read entire article.
Professional Services
Frost & Sullivan, the business consulting firm involved in market research and analysis, has suffered from a major wide data breach, resulting in the exposure of some personal data. Click to read entire article.
Healthcare
The data security incident may have resulted in unauthorized access to or acquisition of personal information, including names, date of birth, and Social Security numbers, as well as protected health information, including medical record numbers, account numbers and dates of service that were provided to HFMI in connection with the provision of insurance eligibility service. Click to read entire article.
User data on 5 million of its users and employees has been compromised. Click to read entire article.
Despite the COVID-19 crisis, phishing campaigns, mishandled health record disposals, and sophisticated cyberattacks are behind some of the biggest healthcare data breaches of 2020. Click to read entire article.
CPA Regulation
Law360 It has been two years since the California Consumer Privacy Act was signed into law on June 28, 2018, creating an expansive framework to govern the collection, usage, disclosure and security of California residents’ personal information. Click to read entire article.
Cyber Risk Research
The number and value of fines that businesses will have to pay for mishandling user data will rise in the near future, a new report by DSA Connect claims. The company that sells services related to data management claims to have polled 1,000 workers, coming to the conclusion that more than a third (37 percent) expect both the number and value of fines to rise by 2025. Click to read entire article.
Canada
An audit into LifeLab’s 2019 massive data breach by B.C. and Ontario privacy commissioners found the testing giant collected more PHI than necessary and lacked adequate security policies and procedures to protect patient data. Click to read entire article.
UK/EU
The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form. Click to read entire article.
Personal details of hundreds of thousands of car owners in the UK, including owners of BMW, Mercedes, Honda, Hyundai, and SEAT cars, have been accessed by a hacker group and put up for sale on a Dark Web forum. Click to read entire article.
Portuguese energy giant EDP has confirmed in a letter to customers that it suffered a ransomware attack in April that resulted in hackers gaining access to information stored in its computer systems. Click to read entire article.
Fourteen EBS customers are suing the financial institution over an alleged data protection breach. Click to read entire article.
LATAM
Brazilian health insurer Hapvida said in a securities filing it has recently suffered a cyber attack potentially involving access to the personal information of its customers. Click to read entire article.
Asia Pacific
Tokopedia VP corporate communications, Nuraini Razak, on Sunday evening clarified the report suggesting that 91 million of its users’ personal data had been leaked and are able to be freely downloaded. Click to read entire article.
Under the terms of the deal, the partnership allows Google to use Dunzo’s delivery services, while Dunzo gets access to more than 67 million residents of India who use Google’s Pay app. Click to read entire article.
Middle East
Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, has been struck by a data breach. Click to read entire article.