Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Wawa to pay $9M in cash, gift cards to settle data breach lawsuit, Fitness Chain Faces GDPR Suit Over UK Data Breach, Bangkok Airways hit by LockBit ransomware attack, and more.

Ransomware Corner

Class-action Lawsuit Alert – Sturdy Hospital in Attleboro sued over data breach

A class action lawsuit has been filed against Sturdy Memorial Hospital alleging it failed to properly protect personal patient information that was stolen in a ransomware attack earlier this year. Click to read entire article.

Ransomware Stats Summary of 4000 USA incidents (at least) since 2016

Ransomware attacks are on the rise and continue to be a disruptive force in the cybersecurity industry, affecting everything from financial institutions to higher education. Due to the rise in remote work prompted by the pandemic, attacks are up 148%. Click to read entire article.

FBI shares technical details for Hive ransomware

The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks. In a rare occurrence, the FBI has included the link to the leak site where the ransomware gang publishes data stolen from companies that did not pay. Click to read entire article.

CA Attorney General Calls Out Unreported Healthcare Data Breaches

After multiple ransomware attacks went unreported, California’s attorney general issued a bulletin to providers reminding them to report healthcare data breaches. Click to read entire article.

Tip of The Day

MFA Use it Everywhere

Multi-factor authentication (MFA) has long been considered a best-practice for security, but now it is effectively a prerequisite, minimal practice for digital security. Click to read entire article.


Dark Web Monitoring – Data of 40 million-plus exposed in latest T-Mobile breach

In August, someone appeared on an online forum offering to sell the personal information of cellphone users. That was news to T-Mobile, the cellular phone company. It discovered that many of the users’ information for sale were T-Mobile customers. After investigating further, it appears millions of T-Mobile customers may have had their sensitive personal data exposed in a hack, the company said August 18 Click to read entire article.


DuPage Medical Group hit with data breach that may affect 600,000 patients

DuPage Medical Group experienced a security breach that reportedly may affect 600,000 patients, the group announced Aug. 30. Now, the medical group, Illinois’ largest independent physician group, is mailing letters to notify patients of the cyberattack. Click to read entire article.

IL Provider Faces Healthcare Data Breach, 171K Patients Exposed

Illinois-based Metro Infectious Disease Consultants alerted 171K patients that their data may have been exposed during a healthcare data breach. Click to read entire article.

AG Rokita warns Hoosiers of hospital data breach

Following a data breach this month by Eskenazi Health, Indiana Attorney General Todd Rokita is warning Hoosiers, specifically any current or former patients or employees, to watch out for suspicious activity with their accounts and personal information. Click to read entire article.

Banking (Credit Cards)

The Ex-Amazon Worker Who Allegedly Hacked Into The fifth Greatest Credit score Card Corporate In The USA Has Posted About It On-line, The FBI Says

Former device engineer Paige A. Thompson hacked into Capital One’s programs and won get admission to data from greater than 100 million bank card consumers, prosecutors stated. Government say they tracked down the suspect after she allegedly mentioned it on-line. Click to read entire article.


Class-action Lawsuit Alert – Lemonade faces class action lawsuit over alleged mishandling of customers’ biometric data

“Revolutionary” insurance company Lemonade is in the spotlight once more, as it faces a class action lawsuit which alleges it is mishandling customers’ biometric data. Click to read entire article.


Settlement Alert – Wawa to pay $9M in cash, gift cards to settle data breach lawsuit

Wawa has agreed to settle a class action lawsuit over a data security breach. The company will pay up to $9 million in cash and gift cards to settle the suit Click to read entire article.

Public Entities

San Andreas Regional Center Notifies Current and Former Consumers of Data Breach Incident

Working with the California Department of Developmental Services, San Andreas Regional Center (“SARC”) provides advocacy, services, and support for individuals with developmental disabilities. SARC announced today that it experienced a data breach that may involve the personal and protected health information of some individuals it serves. Click to read entire article.

SEC Enforcement

Regulators Tighten Scrutiny of Data Breach Disclosures by Companies

Companies must pay closer attention to what they say after hackers strike, lawyers warn, as regulators crack down on inaccurate disclosures and Congress debates mandatory reporting of cybersecurity breaches. Click to read entire article.


Fitness Chain Faces GDPR Suit Over UK Data Breach

A fitness chain has been hit with a privacy lawsuit by a former member after his personal data was stolen and compromised during a cyberattack, which he said had caused him anxiety and distress. Click to read entire article.

Stormont payout for institutional abuse victims over data breach

Stormont is to pay more than £100,000 to a group of historical institutional abuse victims after their personal details were leaked, their lawyer says. Click to read entire article.

ASIA Pacific

Authorities probe suspected eHAC data breach of 1 million users

The Health Ministry, National Police and Communications and Information Ministry said on Tuesday that they were looking into a suspected data breach of the government’s Indonesia Health Alert Card (eHAC) system, which has jeopardized around 1.3 million users’ data. Click to read entire article.

Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay

Partial credit card numbers appear and, worse still, passengers’ meal preferences Click to read entire article.

“Sophisticated” Cyber-Attack Compromises Patient Data at Private Health Clinic

Personal and clinical data of more than 73,000 patients have been affected by a “sophisticated ransomware cyber-attack” on a private medical clinic in Singapore. Click to read entire article.

Vol. 236 – September 22, 2021

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.


© 2024 NetDiligence All Rights Reserved.