RESPONSE AND RESILIENCE

2020

Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: REvil ransomware operators claim Valley Health Systems as new victim, some Atrium Health patient information may have been impacted by breach, Capital One fined for inadequate data controls, and more.

Ransomware Corner

REvil Ransomware Operators Claim Valley Health Systems as New Victim

Valley Health Systems have been targeted by REvil ransomware operators, according to cyber security researchers. Bad actors claim to have stolen sensitive data from Valley Health Systems’ network, including patient, client and employee information. Their message says the data will be made public unless the organization agrees to negotiations. Click to read entire article.

Some Atrium Health Patient Information May Have Been Impacted by Breach

Some Atrium Health patients may have been affected by a ransomware attack, according to a notice Atrium shared. Atrium said they first learned of the ransomware attack on July 16 from Blackbaud, a company Atrium uses for “relationship management software.” Click to read entire article.

University of Missouri Donor Info Taken in Data Breach

Personal information from donors to the University of Missouri’s four campuses was stolen during a May data breach at Blackbaud, a company that provides fundraising software for not-for-profits and educational institutions. Click to read entire article.

Haywood County School District Says Data Breach Occurred During Recent Ransonware Attack

On Wednesday, officials with Haywood County Schools released an update regarding a ransomware attack that struck the district in late August. “Our people, deployed state and federal experts, and several remote support organizations worked to help us restore communication services, a functioning network, and our ability to return to learning. Many services are still unavailable. Forensic and restoration work may continue for weeks. The law enforcement investigation is ongoing,” the school district said in Wednesday’s statement. Click to read entire article.

D&O Insurance

D&O Coverage Issues Arising From Increased Cyberattacks, Shareholder Suits

As cyber risks only continue to worsen, these lawsuits spotlight potential cyber coverage issues for D&O policies. Following multiple cybersecurity incidents that allegedly affected millions of patients at LabCorp, which operates one of the country’s largest clinical laboratory networks, a shareholder filed a lawsuit against certain of the company’s directors and officers. Click to read entire article.

Entertainment (Music Industry)

Warner Music Group Discloses Data Breach

Warner Music Group has issued a data breach notification following a prolonged skimming attack on an undisclosed number of its e-commerce websites. The cyber-attack was discovered by the multinational entertainment and record label conglomerate on August 5, 2020. Click to read entire article.

Financial Services

Capital One Fined for Inadequate Data Controls

The Office of the Comptroller of the Currency fined Capital One USD 80 million for inadequate data controls leading to a 2019 data breach and for failing to fix the problems in a timely manner. The breach was one of the largest in history for a big bank, affecting credit card applications and accounts for more than 100 million customers. Click to read entire article.

Healthcare

112K Patients Impacted by Utah Pathology Services Email Hack

A hacker attempted to redirect funds from Utah Pathology Services after breaching an employee email account; patient data leaked by threat actors and another ransomware incident complete this week’s breach roundup. Click to read entire article.

Data Breach at Roper St. Francis Hospital Affects 6,000 Patients

Roper St. Francis Hospital (RSFH) has reported that 6,000 patients are directly affected by a data breach that allowed attackers to steal their medical records and other personal information. Hospital officials say leaked information contained names, birth dates, detailed medical records, insurance information and Social Security numbers. Click to read entire article.

Dynasplint Systems Announces a Data Breach that May Have Exposed 102,800 Individuals’ Information

Dynaplint Systems, a manufacturer and seller of splint systems to help patients who have a limited range of motion, reportedly suffered a data breach in May which might have exposed sensitive patient information. With the aid of a digital forensics firm, Dynasplint Systems concluded its investigation on June 4th. They determined that sensitive information that may have been acquired by the attackers includes names, addresses, social security numbers, and medical information. Click to read entire article.

Education & K-12

Two Ventura County School Districts Affected by Cyber Attack Friday Morning

A cyber attack briefly affected internet service Friday morning at Ventura and Conejo Valley unified school districts, according to officials. Ventura County Office of Education, said there was a denial of service attack targeting Ventura Unified that disrupted internet service at district sites. Click to read entire article.

Capital and U New Mexico Hit by Cyber Attacks Prior to Fall Classes

Just weeks before the fall semester started, both University of New Mexico School of Law in Albuquerque and Capital University Law School in Columbus, Ohio, were hit with cyberattacks that shut down the school websites and email. “The hack resulted in the deletion of information and data preventing faculty from preparing for the semester,” the letter read. Click to read entire article.

Retail

Claire’s Faces Data Breach Claims After Customer Data Exposed

Claire’s Stores Inc.’s allegedly weak security practices led to a breach that exposed customer data, including payment card and account information, according to class claims removed to the Northern District of Illinois. The jewelry retailer also failed to notify affected customers for more than a month, which led to ongoing identity theft risks, plaintiff Julia Rossi claims in the complaint originally filed in Illinois state court. Click to read entire article.

Telecom

Assist Wireless Caught Out in Major Data Breach

Special U.S. cell carrier Assist Wireless left tens of thousands of personal customer documents on its website by mistake. This error has potentially placed personally identifiable information in the hands of criminals. Assist Wireless LLC, a U.S. mobile virtual network operator that provides phone services to the underprivileged with government support. The company reported at the start of September that it has suffered from a data breach. It appears that a third-party plugin was responsible for the accidental exposure of thousands of Assist Wireless customer passports, Social Security cards and driver’s licenses. Click to read entire article.

Non Profits

Hacker Steals $7.5 Million from Maryland Non-Profit by Compromising Employee’s Personal Computer

A hacker stole $7.5 million from the endowment funds of The Jewish Federation of Greater Washington, a non-profit from Maryland in the US. Such security incidents perfectly illustrate the dangers of working from home, as the hacker compromised the personal computer of an employee working remotely. Click to read entire article.

Social Media

Major Data Broker Exposes 235 Million Social Media Profiles in Data Leak

Social Data, a data broker that appears to have been scraping public social media profiles for information without the knowledge or consent of the host companies, is the latest organization to get caught with an exposed public database. Click to read entire article.

Canada

Canadian Government Named in Class-Action Privacy Breach Lawsuit

The federal government is facing a proposed class-action lawsuit over data breaches earlier this year affecting thousands of users of online service users. Criminals were able to get the user names and passwords of 9,041 users of GCKey, the federal government announced in August. Click to read entire article.

Canadian Firm Canpar Express Becomes Ransomware Attack Victim

A Canadian shipping company, Canpar, has emerged as the latest prey to a ransomware attack. The incident caused huge business disruption. Click to read entire article.

UK

Marriott International Is Set to Face a Lawsuit in London by Millions of Former Guests Who Had Their Personal Records Hacked Between 2014 and 2018

Martin Bryant, who is the founder of technology and media consultancy Big Revolution, is leading the claim for British and Welsh-based guests who made a reservation for one of the former Starwood brand hotels. Click to read entire article.

Africa

Two Nigerian Banks Have Been Hacked, They Deny It, Here’s a Bigger Problem

On August 25, Bank Security, a Twitter handle focused on bank security threats, reported that the database of Unity Bank, a Nigerian commercial bank, was being shared online on hacker forums. Click to read entire article.

Asia Pacific

GCSB Warns Cyber Attacks Could Get Worse, Issues Advisory to All NZ Businesses

The GCSB has issued a “be prepared” advisory for all Kiwi businesses on the heels of the stock exchange suffering a fifth day of outages linked to cyber attacks. Click to read entire article.

Fears That 186,000 Australian Driver’s Licences Are Now in the Hands of Hackers Who Could Use the Details to Drain Your Bank Accounts and Destroy Your Credit Rating

A massive government data breach means more than 186,000 Australian driver’s licenses could now be in the hands of foreign hackers. Click to read entire article.

NZX Down for Fourth Day in a Row After Cyber Attacks

The NZX has delayed the market’s opening after earlier communicating that it would be open for business following a barrage of cyber attacks. Click to read entire article.


Vol. 224 – September 16, 2020

Download 2019 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

RESPONSE AND RESILIENCE

Register Today!

© 2020 NetDiligence All Rights Reserved.