Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: McDonald’s Hit by Data Breach, Fujifilm Shuts Down Network After Suspected Ransomware Attack, Scripps Health notifies patients of data breach after ransomware attack and more.

Ransomware Corner

All of JBS’s U.S. Beef Plants Were Forced Shutdown by Cyberattack

A cyberattack on JBS SA, the largest meat producer globally, forced the shutdown of all its U.S. beef plants, wiping out output from facilities that supply almost a quarter of American supplies. Click to read entire article.

Colonial Attackers Used Compromised VPN Credentials

Accessed VPN Account No Longer Used; Lacked Multi-Factor Authentication

Experts say the cause of the breach, first reported by Bloomberg, demonstrates the need for organizations to practice basic IT security hygiene, including turning on two-step verification and disabling accounts that are no longer used. Click to read entire article.

Ransomware group that hacked St. Clair County says it stole 2.5GB of personal data

In a statement Thursday, Sandusky said the county’s computer system was breached on May 28. While its website and some services have been restored, several services including access to court records and payment for court or ticket fees are still unavailable Click to read entire article.

Capcom faces a $12m lawsuit after data leak allegedly shows it stole photos for Resident Evil

Capcom’s recent data leak could end up costing it millions in damages, after game files allegedly revealed it used dozens of unlicensed images in titles including Resident Evil 4 and Devil May Cry. Click to read entire article.

Fujifilm Shuts Down Network After Suspected Ransomware Attack

Fujifilm is investigating a ransomware attack and has shut down part of its network to prevent the infection from spreading, according to BleepingComputer. Click to read entire article.

Mobile App

Class Action Filed Against Parking App Over Data Breach Impacting Millions of Users

“The [personally identifiable information] obtained from ParkMobile has already been listed for sale on a Russian crime forum for $125,000,” the complaint alleged. Click to read entire article.

Healthcare

3 HIPAA cases with the biggest fines!

Check out a few of these cases: Advocate Health System (Amount: $5.55 million), Memorial Healthcare Systems (Amount: $5.5 million), New York-Presbyterian Hospital and Columbia University (Amount: $4.8 million) Click to read entire article.

Data of 3.3M 20/20 Hearing Care Patients Hacked From Cloud Database

The 20/20 Hearing Care Network found an actor hacked into its AWS cloud database and deleted patient data; ransomware, a system hack, yet another Netgain breach victim, and a data security incident, complete this week’s breach roundup. Click to read entire article.

Scripps Health notifies patients of data breach after ransomware attack

The healthcare provider has five hospitals and 19 outpost facilities with over 3,000 affiliate physicians. Every year, Scripps Health treats more than 700,000 patients. Click to read entire article.

CaptureRX data breach toll climbs: 9,500 Trinity Health patients, 14 hospitals, health systems now affected

CaptureRx, a San Antonio-based health IT company, helps hospitals manage their 340B drug programs, reported unusual activity in some of its files in February. Compromised files contained patient records with protected health information, including names, birthdates and prescription details. CaptureRx notified hospitals of the attack in April. CaptureRX reported that there are 1,656,569 known victims affected by the breach. Click to read entire article.

Public Entity

MTA Says Hackers Breached Its Systems In April But No Threat Was Posed To Public

MTA says the breach had zero impact on customers and a forensic audit found no evidence any accounts or compromised or any employee information was breached, but the hack has exposed vulnerabilities in our nation’s largest transportation network. Click to read entire article.

NYC Law Department system breached; cyber-threats pose critical challenge

Hackers breached a computer system at New York City’s Law Department, according to City Hall. The city’s Cyber Command detected “unauthorized access” in the system and launched an investigation, according to Laura Feyer, a spokesperson for Mayor Bill de Blasio. Click to read entire article.

More than 11,000 people’s personal information released in Anchorage police data leak

Since 2019, 11,402 people have had their birth dates and driver’s license numbers published accidentally, due to a glitch in the Anchorage Police Department records system, the department announced Wednesday. Click to read entire article.

Automobile

Volkswagen, Audi say 3.3 million customers’ data exposed in North America

An unnamed digital vendor that Volkswagen’s subsidiary, Audi, and some of its U.S. and Canadian dealers used for sales and marketing purposes “left electronic data unsecured at some point between August 2019 and May 2021,” the German automaker said Click to read entire article.

Construction

Bilzin Sumberg Partner Sounds Alarm About Data Breaches in Construction Sector

“Everyday we see hackers are getting smarter. Data breaches are typically caused because we let our guard down, by either responding to a phishing email or giving away their password,” attorney Melchiondo said. Click to read entire article.

Retail

McDonald’s Hit by Data Breach

Hack exposed some U.S. business information, customer data in South Korea and Taiwan. Cyberattackers stole customer emails, phone numbers and addresses for delivery customers in South Korea and Taiwan, McDonald’s said. Click to read entire article.

Gaming

World of Warcraft Classic is Getting Hit With DDoS Attacks

According to Blizzard’s support Twitter account, World of Warcraft Classic has been plagued by DDoS attacks since the update became live. Click to read entire article.

K-12 Schools

Malware Causing Disruptions in Pierce County Schools

An unspecified malware event at Clover Park School District in Washington is causing technical problems and apparently resulted in district files surfacing on the dark web, though the extent of the intrusion is unclear. Click to read entire article.

Manufacturer

US truck and military vehicle maker Navistar discloses data breach

Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered on May 20, 2021. Click to read entire article.

EU/UK

NSW Health admits patient data was breached in Accellion attack

It warned that ‘identity information’ and ‘health-related personal information’ were both accessed Click to read entire article.

Asia Pacific

Tokyo Olympics: Another setback, Tokyo Games organizers hit by data breach & info leak

Japan’s leading news agency Kyodo news has reports that the organizing committee of the Tokyo Olympics is the latest to be hit by a data breach. According to the agency report, the data leak has happened through unauthorized access to an information-sharing tool developed by Fujitsu Ltd. Click to read entire article.

Domino’s Data Breach: Centre Informs Delhi High Court About Removal Of Compromised Details

Domino’s India counsel Dayan Krishnan had earlier informed the court that hackers had illegally obtained personal details from the company’s secure computer Click to read entire article.


Vol. 233 – June 16, 2021

Download 2020 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

Philadelphia

2021

Register Today!

© 2021 NetDiligence All Rights Reserved.