Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Healthcare Ransomware Attack Targets Practice Management Vendor, British Airways settles with 2018 data breach victims, LimeVPN Backup Database Hacked, and more.

Ransomware Corner

Up to 1,500 businesses affected by ransomware attack, U.S. firm’s CEO says

Between 800 and 1,500 businesses around the world have been affected by a ransomware attack centered on U.S. information technology firm Kaseya, its chief executive said on Monday. The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters. Click to read entire article.

Healthcare Ransomware Attack Targets Practice Management Vendor

Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII. Click to read entire article.

Why A Trucking Company Called A Lawyer Minutes After A Ransomware Attack

Earlier this year, Carrie Palmer got a panicked phone call from a client. The trucking company had gotten hit by a ransomware attack minutes earlier, and it wanted the South Carolina-based lawyer’s guidance on what its next steps should be. Click to read entire article.

NYDFS

New York Department of Financial Services Announces a $1.8 Million Settlement with Two Life Insurers for Data Breach Violations

The NYDFS conducted an investigation and determined that the two life insurers (the “Companies”) had been the subject of two phishing attacks in 2018 and 2019, which compromised the email accounts of several of the Companies’ employees, with access to a significant amount of sensitive and personal data of their customers. Click to read entire article.

Social Media

LinkedIn data breach exposes info of 700M users

Data stolen from a popular online employment service as well as a massive ransomware attack this holiday weekend has security experts warning people your personal information is at risk – and you need to protect yourself. Click to read entire article.

Healthcare

Dominion National reaches $2M settlement over nine-year data breach

Insurance giant Dominion National reached a $2 million settlement with the 2.9 million patients affected by its nine-year data breach, first reported in 2019. The security incident was the second-largest breach reported to the Department of Health and Human Services that year. Click to read entire article.

Kroger to pay $5M to settle Accellion breach after 1.4 million pharmacy patients exposed

Kroger has agreed to pay to settle claims related to the data breach on file transfer vendor Accellion, according to June 30 California federal court documents. Click to read entire article.

Public Entity

After contact tracing data breach, Pa. sidesteps scrutiny on proposed $34M contract

State lawmakers are calling into question whether the Department of Health should be jumping into another, more expensive contact tracing contract after a severe data breach with the last company. Click to read entire article.

Airlines

British Airways settles with 2018 data breach victims

British Airways has settled a case brought by customers and staff affected by a massive 2018 data breach that led to personal information being leaked, the court-appointed lead solicitors in the case said on Tuesday. Britain’s Information Commissioner’s Office in October fined British Airways 20 million pounds ($27.7 million) – the data protection watchdog’s biggest such penalty at the time – for failing to protect the personal and financial details of its customers. Click to read entire article.

Automotive (Supply Chain)

Mercedes-Benz Hit by Third-Party Data Breach

Automobile maker Mercedes-Benz USA said a data breach in its supply chain had exposed personal information of roughly 1.6 million of its actual and potential customers. Click to read entire article.

Volkswagen and Audi Hit with Data Breach Class Action

This week, Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action for a data breach that allegedly compromised 3.3 million consumers’ personal information. In the U.S. District Court for the District of New Jersey, a California consumer filed a suit against the automakers on behalf of other current and prospective car buyers whose information was allegedly compromised by hackers. Click to read entire article.

Navistar data leaked on auction site after cyberattack

Dark web marketplace claims to be auctioning off hundreds of gigabytes of stolen files. Click to read entire article.

Technology

LimeVPN Backup Database Hacked

Further discussions with LimeVPN have revealed the claim of 69,000 users being affected was actually an activity log total, with the number of live user accounts closer to 800. LimeVPN also confirmed their website has not been hacked and the claim of all private keys being leaked is false. Click to read entire article.

Vendor Breaches (Cause of Loss)

Vendor incidents lead the 10 biggest healthcare data breaches of 2021 so far

Accellion: over 3.51 million individuals

Florida Healthy Kids: 3.5 million patients

20/20 Eye Care Network: 3.3 million patients

CaptureRx: 1.7M individuals

Netgain: more than 865,000

Personal Touch Holding: 753,107

Hendrick Health: 640,436

Wolfe Clinic: 527,378 patients

Bricker & Eckler: 420,532 patients

Health Plan of San Joaquin: 420,000

Click to read entire article.

South Africa

Major South African Insurance Company Suffers Data Breach

A data breach has been reported by QSure insurance company in South Africa. As a result of this incident, sensitive information such as bank account details was stolen by a third party, according to Money Web. Click to read entire article.

Asia Pacific

Japan’s “K” Line Apologizes for Second Cyberattack in Months

Japanese shipping company Kawasaki Kisen Kaisha, known as “K” Line issued a brief statement today confirming that its computer systems have once again been breached with “unauthorized access to overseas subsidiary systems.” Click to read entire article.

Air India flyer seeks damages over data breach

A legal notice was sent to Air India management on July 4 by Ritika Handoo in which she said that the airline informed her about the breach on June 1, her lawyer said. Click to read entire article.

Tamil Nadu PDS system breached, data of 4.5 Mn people on sale: Technisanct reports

A legal notice was sent to Air India management on July 4 by Ritika Handoo in which she said that the airline informed her about the breach on June 1, her lawyer said. Click to read entire article.


Vol. 234 – July 21, 2021

Download 2020 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

Philadelphia

2021

Register Today!

© 2021 NetDiligence All Rights Reserved.