We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Blackbaud ransomware breach victims, lawsuits pile up, Treasury Department warns that ransomware payment facilitation could be sanction risk, Warner Music Group is hit with class action complaint over breach, and more.
Blackbaud Ransomware Breach Victims, Lawsuits Pile Up
More than three dozen Blackbaud-related health data breaches affecting about 6 million individuals had been posted to the Department of Health and Human Services. Click to read entire article.
Treasury Dept: Ransomware Payment Facilitation Could Be Sanction Risk
COVID-19 spurred an increase in ransomware attacks. The Treasury Department warns entities against facilitating ransomware payments for breach victims and possible sanction risks. Click to read entire article.
Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack
A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom. Click to read entire article.
Warner Music Group Hit With Class Action Complaint Over Breach
Credit card numbers, shipping addresses, and unencrypted names are among the personal identifiable information allegedly stolen from Warner Music Group Corp. customers when the entertainment and record label conglomerate suffered a data breach over the spring and summer, according to a class action lawsuit filed against the company. Click to read entire article.
Officiating Software Firm Hit With Lawsuit Over Cyberattack
A Sandy, Utah-based sports officiating software company put customers’ personal data at risk after being hit with a cyberattack, a proposed class action filed in federal court alleges. Click to read entire article.
A hacker attack has disrupted computer service for students and teachers in the Bay Shore school district — the second reported hit on a Long Island school system in the past week. Click to read entire article.
A school in Nevada is the latest educational institution to be hit by a cybersecurity incident. Hackers have managed to capture some key personal data from the school systems. Click to read entire article.
A cyberattack hit Lindenhurst schools last week, disrupting the district’s internet service just as students were settling into their first month of remote learning. Click to read entire article.
Some customers who pay the city of Pell City via paper check for their utility bills may have had their data breached according to the municipality and Valley Bank. Click to read entire article.
Communications director Michelle Newell said the county network was impacted by a data security incident over the weekend, which prevented access to the county network. Click to read entire article.
In a new report Wednesday from Techcrunch, lawyers applying to join the DC Bar revealed that the personal documents and data of thousands of DC Bar users were exposed in a security leak. Click to read entire article.
The hospital chain Universal Health Services said Thursday that computer services at all 250 of its U.S. facilities were hobbled in last weekend’s malware attack and efforts to restore hospital networks were continuing. Click to read entire article.
OCR Imposes Fines on Health Plan, Business Associate, and Physician Group Related to Hacking Incidents; Warns Providers of Malware Attack
In September, the Office for Civil Rights (OCR) announced three separate enforcement actions, including the second largest HIPAA monetary financial settlement in OCR history. These three actions and settlements were against: (1) a health plan; (2) a business associate; and (3) a physician group. All of these actions related to hacking and malware attacks on the entities in 2014 through 2016. Click to read entire article.
AGs Secure $39.5M From Anthem Over 2014 Data Breach
Virginia has joined a bipartisan 43-state multistate coalition reaching a $39.5 million settlement with Anthem over its massive 2014 data breach that involved the personal information of 78.8 million Americans. Click to read entire article.
Summit Medical Associates Announces Patient Information May Have Been Exposed in a Data Breach
Summit Medical Associates, a heart and vascular health clinic based in Fort Wayne, Indiana, has informed some patients that their information may have been exposed in connection with a data breach that occurred earlier this year. Click to read entire article.
Kylie Jenner’s makeup company has warned customers that their data — including parts of their credit card numbers — may have been exposed in a Shopify security breach. Click to read entire article.
Marriott International announced a significant data breach two years ago following which the UK’s data protection regulator, the ICO, issued a statement in July 2019 citing an intention to fine Marriott £99.2 million for breaches of the General Data Protection Regulation (GDPR). Click to read entire article.
Legal Decision Ramifications
Protecting IT Forensic Reports in the Wake of a Data Breach
Consulting firms invariably produce reports and form opinions about the nature, cause and scope of the breach. In many instances, the business will disclose all or a portion of the consultant’s report to allay customer concerns, address regulatory inquiries and address other legitimate purposes. But, there are circumstances in which such disclosure may not be in the business’ interest. . . Until recently, well-settled judicial precedent, shielded attorney-supervised forensic reports as privileged and excluded them from disclosure in litigation. A recent decision from the U.S. District Court for the Eastern District of Virginia (“EDVA”), however, calls that principle into question. Click to read entire article.
The Medisys Health Group and its affiliate Copeman Healthcare say they paid an unspecified ransom to retrieve personal information for about 60,000 clients after detecting a security breach on Aug. 31. Click to read entire article.
Altaba Must Reserve $800M For Canadian Data Breach Claims
A Delaware vice chancellor ruled Monday that former Yahoo owner Altaba must set aside roughly $800 million to cover potential liability for data breach claims asserted in Canadian lawsuits before it can distribute roughly $5.6 billion to stockholders as part of its $40 billion wind-down plan. Click to read entire article.
CMA CGM Suspects Data Breach from Cyber Attack
CMA CGM said it suspects a data breach in this week’s ransomware cyber attack. The French shipping giant said in an update on Wednesday that its back-offices are gradually being reconnected to the network, improving booking and documentation processing times. Click to read entire article.
Chinese hackers are suspected of invading the network of a Taiwanese online job bank before the Mid-Autumn Festival holiday last week and stealing the personal information of more than 5.92 million job applicants. Click to read entire article.
The Facebook Security Team shares details about a Malware Campaign that used its Ad Platform to attack unsuspecting users. Although the malware was first detected in the final week of 2018, the cybercrime group behind it is believed to have been operating since 2016, constantly adapting to new Facebook features and likely expanding to other social platforms and web services as well. Click to read entire article.