SUMMER

2020

Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers used ransomware to extort $1.4m via UCSF networks, the $6 trillion heist avoiding global attention, Magellan Health data breach victim tally reaches 365K patients, and more.

Ransomware Corner

Hackers Used Ransomware to Extort $1.4M via UCSF Networks

Hackers successfully extorted $1.14 million from the University of California San Francisco after breaching its internal networks with malicious ransomware. Click to read entire article.

The $6 Trillion Heist Avoiding Global Attention

Criminal hackers demanding ransom from a leading Indian financial company once more highlighted vulnerability of an Internet-dependent economy against cybercriminals – and insufficient law-enforcement infrastructure and seriousness to tackle them. Click to read entire article.

Magellan Health Data Breach Victim Tally Reaches 365K Patients

The extent of the ransomware attack that hit Arizona-based Magellan Health in April became clear this week, with eight Magellan Health affiliates and healthcare providers reporting breaches stemming from the incident to the Department of Health and Human Services. Click to read entire article.

Florida Lawsuit Offers Glimpse Into Estimated $1.4B Ransomware Toll on U.S. Businesses

A class-action lawsuit seeking $99 million in damages has been lodged against a Tampa-based health care provider for alleged negligence in a ransomware breach of patient and employee records. Click to read entire article.

$185K Proposed Settlement Reached in Grays Harbor Data Breach Lawsuit

Grays Harbor Community Hospital and Harbor Medical Group was hit with a ransomware attack in June 2019, where hackers demanded a $1 million ransom; the proposal will settle claims of negligence. Click to read entire article.

Mobile App

Data Leak on Online Gambling App Puts Millions of Users at Risk of Cyber Attacks

A massive data leak discovered on the technical database of popular casino gambling app Cubillion exposed daily activities and personal identifiable information of millions of users, according to vpnMentor researchers. Click to read entire article.

5 Dating Apps Leak More than 1 Million User Profiles and Sensitive Information

This month, WizCase researchers discovered 5 separate data leaks of personal information belonging to dating app users in the US, Japan and South Korea. Click to read entire article.

Public Entity

Hack of Maine Police Data Means Hundreds, Including Suspects, Must Be Notified About Leak

A data breach in June that exposed thousands of sensitive law enforcement reports from Maine’s police intelligence center has slowed the secretive unit’s daily operations and forced its staff to spend time combing through the documents to notify people, including criminal suspects, that their personal information was leaked. Click to read entire article.

Professional Services

Frost & Sullivan Suffers From Global Data Breach

Frost & Sullivan, the business consulting firm involved in market research and analysis, has suffered from a major wide data breach, resulting in the exposure of some personal data. Click to read entire article.

Healthcare

Patient Data Was Potentially Compromised After Ransomware Attack on St. Mary’s Health Care Contractor

The data security incident may have resulted in unauthorized access to or acquisition of personal information, including names, date of birth, and Social Security numbers, as well as protected health information, including medical record numbers, account numbers and dates of service that were provided to HFMI in connection with the provision of insurance eligibility service. Click to read entire article.

Health Insurer Religare Hit by Data Breach

User data on 5 million of its users and employees has been compromised. Click to read entire article.

The 10 Biggest Healthcare Data Breaches of 2020, So Far

Despite the COVID-19 crisis, phishing campaigns, mishandled health record disposals, and sophisticated cyberattacks are behind some of the biggest healthcare data breaches of 2020. Click to read entire article.

CPA Regulation

Lessons From 6 Months of Calif. Privacy Law Litigation

Law360 It has been two years since the California Consumer Privacy Act was signed into law on June 28, 2018, creating an expansive framework to govern the collection, usage, disclosure and security of California residents’ personal information. Click to read entire article.

Cyber Risk Research

Data Breach Fines Could Skyrocket This Year

The number and value of fines that businesses will have to pay for mishandling user data will rise in the near future, a new report by DSA Connect claims. The company that sells services related to data management claims to have polled 1,000 workers, coming to the conclusion that more than a third (37 percent) expect both the number and value of fines to rise by 2025. Click to read entire article.

Canada

Inadequate Security, Policies Led to LifeLabs Data Breach of 15M Patients

An audit into LifeLab’s 2019 massive data breach by B.C. and Ontario privacy commissioners found the testing giant collected more PHI than necessary and lacked adequate security policies and procedures to protect patient data. Click to read entire article.

UK/EU

Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form. Click to read entire article.

Hackers Selling Personal Data of 384K BMW Owners in the UK

Personal details of hundreds of thousands of car owners in the UK, including owners of BMW, Mercedes, Honda, Hyundai, and SEAT cars, have been accessed by a hacker group and put up for sale on a Dark Web forum. Click to read entire article.

EDP Confirms Hackers Stole Company Data via a Ransomware Attack

Portuguese energy giant EDP has confirmed in a letter to customers that it suffered a ransomware attack in April that resulted in hackers gaining access to information stored in its computer systems. Click to read entire article.

EBS Being Sued by 14 Mortgage Holders ‘Denied Credit by Data Breach’

Fourteen EBS customers are suing the financial institution over an alleged data protection breach. Click to read entire article.

LATAM

Brazil’s Hapvida Discloses Cyber Breach, Potential Client Data Leak

Brazilian health insurer Hapvida said in a securities filing it has recently suffered a cyber attack potentially involving access to the personal information of its customers. Click to read entire article.

Asia Pacific

Tokopedia Files Police Report Over Alleged Data Breach

Tokopedia VP corporate communications, Nuraini Razak, on Sunday evening clarified the report suggesting that 91 million of its users’ personal data had been leaked and are able to be freely downloaded. Click to read entire article.

India’s Google-Backed Delivery App Dunzo Hit by Data Breach

Under the terms of the deal, the partnership allows Google to use Dunzo’s delivery services, while Dunzo gets access to more than 67 million residents of India who use Google’s Pay app. Click to read entire article.

Middle East

Egyptian Bus Operator Swvl Hit by Data Breach

Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, has been struck by a data breach. Click to read entire article.


Vol. 222 – July 22, 2020

Download 2019 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

SUMMER 2020

Register Today!

© 2020 NetDiligence All Rights Reserved.