We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: The US poised to sue contractors who don’t report cyber breaches, the number of data breaches already surpassing last year’s total, potentially disastrous data breach hits Twitch, and more.
Privacy
The Plaid Data Privacy Class Action Lawsuit Reaches a $58 Million Settlement
Plaid has a platform for users to connect their bank accounts to payment apps. The plaintiffs in In re Plaid Inc. Privacy Litig. alleged that Plaid has “exploited its position as middleman” to obtain app users’ bank login credentials and then use that information to access and sell transaction histories, in the absence of app users’ consent. Click to read entire article.
Professional Services
Portland accounting firm will pay $50,000 for failing to disclose data breach as digital intrusions spike
Under state law, businesses and state agencies must tell consumers whenever their personal information is breached – typically within 45 days. Organizations that suffer intrusions affecting more than 250 Oregon consumers must also notify the state attorney general’s office. Click to read entire article.
COUGHLIN & GERHART, LLP (“C&G”) – NOTICE OF DATA BREACH
Coughlin & Gerhart (“C&G”), is providing notice of a recent data privacy event that may have affected certain personal information. The confidentiality, privacy, and security of information is one of C&G’s highest priorities and C&G takes this matter seriously. Click to read entire article.
Telecom
Syniverse quietly reveals 5-year data breach
Syniverse, which bills itself as the “world’s most connected company,” disclosed in a September 27 SEC filing that it was the target of a security breach. Syniverse supplies messaging services for AT&T, T-Mobile and Verizon, as well as other carriers around the world. Click to read entire article.
Federal Regulation
The US poised to sue contractors who don’t report cyber breaches
The action, unveiled at the Aspen Cyber Summit, is aimed at contractors who fail to report hacks or who knowingly provide deficient cybersecurity products. Click to read entire article.
Online Gaming
‘Potentially disastrous’ data breach hits popular streaming site Twitch
Amazon-owned Twitch confirmed that it was compromised hours after users posted what they claimed to be a huge pile of Twitch data on the anonymous post website 4chan. The user stated that the 128GB file is only the first part of the leak. Click to read entire article.
Retail
Neiman Marcus data breach exposes personal info of 4.6M customers
Luxury retailer Neiman Marcus is the latest victim of a data breach, this one exposing personal and financial information contained in the online accounts of approximately 4.6 million customers. Click to read entire article.
Class Action Alert – McDonald’s Customers Sue Over Data Breach
A proposed class of McDonald’s customers said in an Illinois federal court lawsuit that the personal information they provided to order delivery was not properly safeguarded against cyberattacks. Click to read entire article.
Settlement website established in Hudson’s Bay data breach suit
Credit unions and other financial institutions affected by a 2018 data breach at Toronto-based Hudson’s Bay can use the settlement website to file a claim. Claims must be filed by Feb. 17, 2022. Click to read entire article.
US clothing brand Next Level Apparel reports phishing-related data breach
Next Level Apparel, a US clothing manufacturer and e-commerce operator, has alerted customers to a data breach connected to the compromise of employee mailboxes. Exposed data includes payment card and driver’s license numbers. Click to read entire article.
Hospitality
Marriott Beats Stockholder Suit For Data Breach Damages
Stale claims and failure to show a complete lapse of board oversight have sunk a stockholder suit accusing Marriott Corp. directors of failing to protect the company from a massive data breach. Click to read entire article.
Data Breach Research
The number of data breaches in 2021 has already surpassed last year’s total
The Identity Theft Research Center reports the number of data breaches so far this year has already surpassed the total number in 2020 by 17%. Click to read entire article.
Healthcare
Class Action Alert – UC San Diego Health hit with class action suit over data breach
A cancer patient in California is taking UC San Diego Health to court over a data breach last winter that potentially exposed the personal and medical information of nearly half a million patients, employees, and others. Click to read entire article.
Class Action Alert – Northwestern patient sues Elekta over data breach that hit 170 health systems
A former patient of Chicago-based Northwestern Memorial HealthCare filed a class action lawsuit against Elekta over an April data breach that affected 170 health systems, according to court documents obtained by Becker’s. Click to read entire article.
Ohio dental group with several Dayton-area offices reports data breach
A dental group with practices in Centerville, Kettering, Xenia, and Dayton experienced a data breach and said it is taking steps to protect patients. Click to read entire article.
Staffing/HR
Data breach at Nashville staffing company leaves customers scrambling
A major staffing company is letting people know their personal information may have been compromised. This staffing company is headquartered in Mississippi but has several locations in Tennessee, one being in Nashville. Click to read entire article.
Public Entities (BEC Exposure)
Peterborough payment scam: Single compromised email account led to $2.3M theft
Perpetrators of a $2.3 million fraud against Peterborough taxpayers over the summer initiated the criminal enterprise by compromising the email of one town employee, according to a timeline prepared by local officials. Click to read entire article.
CryptoCurrency
Coinbase notifies 6,000 customers of data breach
Hackers exploited a 2FA flaw to steal hundreds of thousands in cryptocurrency
Late last week, Coinbase confirmed that, between March and May 2021, 6,000 US customers had fallen victim to “a third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform”. Click to read entire article.
