RESPONSE AND RESILIENCE

2020

Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Canon allegedly suffered a ransomware attack, ransomware gang publishes tens of GBs of internal data from LG and Xerox, Garmin reportedly paid a multi-million dollar ransom, and more.

Ransomware Corner

Has Canon Suffered A Ransomware Attack? 10TB Of Data Alleged Stolen: Report

According to Bleeping Computer, which has a partial screenshot of what is alleged to be the ransom note, Canon was attacked during the morning of August 5 by the notorious Maze ransomware gang. A member of the cybercrime group told the publication that it had stolen 10 terabytes of “data, private databases, etc.” Click to read entire article.

Ransomware Gang Publishes Tens of GBs of Internal Data From LG and Xerox

Maze gang publishes internal data from LG and Xerox after failed extortion attempt. Click to read entire article.

Reports Suggest Garmin Paid a Multi-Million Dollar Ransom

Garmin has reportedly paid 10 million US dollars via a third-party company to get its systems up and running after the recent cyber attack. Click to read entire article.

Summit Medical Associates Discloses Ransomware Attack; Patient and Affiliate Information Potentially Impacted

“On or about June 5, 2020, Summit discovered that it was unable to access certain data and records stored on its server,” the notice reads. “Summit immediately launched an investigation, with the assistance of third-party forensic computer experts, to determine the nature and scope of the incident. It was determined that certain information was encrypted by ransomware.” Click to read entire article.

Lafayette Pays $45,000 To Resolve Cyberattack On City’s Computer System

The City of Lafayette announced a malicious breach of its computer system that crippled the network last week. City officials opted to pay $45,000 “ransom” rather than risk further delay or damage to the municipality’s online operations. Click to read entire article.

NetWalker Ransomware Gang Has Made $25 Million Since March 2020

The operators of the NetWalker ransomware are believed to have earned more than $25 million from ransom payments since March this year, security firm McAfee said today. Click to read entire article.

Cloud/Aggregation

Blackbaud Data Breach Affects WBUR And Other Nonprofits

Boston University and WBUR notified donors on Saturday that some of their personal information may have been compromised. Blackbaud, a company that provides fundraising technology, says its client data was stolen. It’s unclear how many organizations are affected by the data breach. Other media organizations are reporting that many nonprofits and higher education institutions are affected, and the BBC reports that at least 125 organizations in the United Kingdom have been affected. Click to read entire article.

Unprotected Server Contains Sensitive Data From Various Firms

A leaky bucket that contained data belonging to a large number of firms remained online for months. The server hosts 5.5 million totaling 343GB in size. Click to read entire article.

Financial Services

Capital One Fined $80 Million in Data Breach

The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank’s credit card holders. Click to read entire article.

Morgan Stanley Faces Lawsuits From ITAD Data Mishap

Morgan Stanley on July 10 wrote to clients disclosing “potential data security incidents” related to their personal information. The incidents occurred during multiple ITAD processes over the past four years, according to the letter. “In 2016, Morgan Stanley closed two data centers and decommissioned the computer equipment in both locations,” the company wrote. “As is customary, we contracted with a vendor to remove the data from the devices. We subsequently learned that certain devices believed to have been wiped of all information still contained some unencrypted data.” Click to read entire article.

Hackers Say ‘Jackpotting’ Flaws Tricked Popular ATMs Into Spitting Out Cash

Security researchers Brenda So and Trey Keown at New York-based security firm Red Balloon say their pair of vulnerabilities allowed them to trick a popular standalone retail ATM, commonly found in stores rather than at banks, into dispensing cash at their command. Click to read entire article.

Retail

Interior Design Platform Confirms Data Breach After Data of 1.3 Million Users Is Posted Online

Havenly, the online interior design and home decorating platform, has disclosed a data breach after a data breach broker leaked 1.3 million user records for free on a popular hacking forum. Click to read entire article.

Mobile App

Users Advised to Reset Passwords After Zello Data Breach

Zello, a popular push-to-talk app, has disclosed a data breach that could have potentially allowed malicious actors to gain access to users’ email addresses and hashed passwords. Zello boasts 140 million users worldwide, and facilitates real-time communications for frontline workers, transportation services and friends. Click to read entire article.

K-12 Education

Cyberattack Shuts Down E-Learning for Two Days in New Palestine

The school district was hit with a Distributed Denial-of-Service (DDoS) attack, a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic. Click to read entire article.

Healthcare

AIDS Foundation Chicago Confirms Donor Data Breach Via Third Party

AIDS Foundation Chicago (AFC) emailed people who have a history with the organization to inform them that a cybercriminal had accessed and copied a file of AFC data in a ransomware attack. Click to read entire article.

6,000 Patients Data May Have Been Exposed in the Breach at Beaumont Health

On July 28th, 2020, Beaumont Health notified patients of a data breach that occurred between January 3rd and 29th of this year. According to Detroit Free Press, six employee email accounts were accessed after falling victim to a phishing scam. These accounts held private patient information, including names, dates of birth, diagnoses, procedures, treatment locations, prescription information, and more. Click to read entire article.

Cyber Insurance

Cyber Security Insurance Market Significant Market Size | Comprehensive Analysis, Industry Revenue, Forecast till 2020 – 2024

The cyber security insurance market was valued at USD 5.48 billion in 2018, and is expected to reach USD 20.72 billion by 2024, registering a CAGR of 24.30%, during the forecast period (2019-2024). Click to read entire article.

Global Threat Intel

Sensitive VPN Credentials of 900 Enterprises Leaked on Hacking Forum

A Russian hacker has published passwords of over 900 enterprise VPN servers on a hacking forum visited by several ransomware groups, putting them at risk. Click to read entire article.

Mexico

Delivery Startup, iVoy, Experiences Data Breach, Over 127,000 Accounts Exposed

On July 28th, a reported 127,432 account users’ emails and iVoy passwords were exposed on an online forum. Click to read entire article.

Canada

Berwick Family Angry Over N.S. Privacy Breach

Recently, the Nova Scotia Health Authority announced it sent letters to 211 patients whose medical records were snooped on by two employees at two hospitals in Kentville and New Glasgow. Click to read entire article.

EU/UK

BA Expects to Pay Just £20m for Data Breach

The airline anticipates its fine will be written down by as much as 90pc from its initial £183m. Click to read entire article.

Interpol Warns of ‘Alarming’ Rate of Cyberattacks During Pandemic

Interpol has warned that the coronavirus pandemic has led to an “alarming” rate of cyberattacks as criminals focus increasingly on larger organizations by targeting staff working from home. Click to read entire article.

UK Dentists May Have Had Bank Details Stolen Following Data Breach

The British Dental Association (BDA) has suffered a data breach causing fears that the bank account numbers of a number of UK dentists have been stolen. Click to read entire article.

Asia/Pacific

Telstra Suffered Brief Outage Following DoS Attack

Recently, Telstra customers faced issues in connecting to the internet. It turns out that Telstra actually suffered a DoS attack. Click to read entire article.

Online Exam Tool Suffers Data Breach

According to Honi Soit, a database of 440,000 ProctorU user records was published by hacker group ShinyHunters over the past week along with hundreds of millions of other user records. ProctorU user data exposed includes usernames, unencrypted passwords, legal names, and full residential addresses. Click to read entire article.

More Data Breaches From Ransomware Attacks in Australia

The number of data breaches caused by ransomware rose to 33 in the first half of 2020 from 13 in the previous six-month period, according to the latest report from the Office of the Australian Information Commissioner. Click to read entire article.


Vol. 223 – August 19, 2020


© 2020 NetDiligence All Rights Reserved.