We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Broward Schools Warn 50K Employees, Students of Data Breach, Unprotected Database Exposes 170K Healthcare Staffing Records, Microsoft Exchange servers hacked to deploy BlackByte ransomware, and more.
Ransomware
The race is on to patch Log4Shell, the bug that’s breaking the internet
Security teams around the globe are scrambling to fix Log4Shell, a critical security flaw in Log4j, an open source logging software that’s found practically everywhere from online games to enterprise software and cloud data centers. Its ubiquity has put the internet on high alert as attackers ramp up their efforts to target vulnerable systems. Click to read entire article.
Former Ubiquiti Dev Arrested for Orchestrating Data Breach, Trying to Extort $2M
The DOJ says Nickolas Sharp stole data, demanded a $2 million ransom, and pretended to be a whistleblower in communications with reporters. Click to read entire article.
Broward Schools Warn 50K Employees, Students of Data Breach
After initially saying it was unaware of personal information being exposed by a ransomware attack months ago, the district is now sending written notifications that names and social security numbers were exposed Click to read entire article.
Ransomware attack exposed personal info of Hancock unit owners
30-Nov-21 – A ransomware attack on a property management company in Chicago did not get ransom but exposed personal information about unit owners and prospective unit owners at John Hancock Center. Click to read entire article.
Healthcare
Planned Parenthood patient records leaked in data breach
An attacker steals information including names, dates of birth, addresses and clinical data. Click to read entire article.
DNA testing firm accidentally spills information on two million customers
A US-based DNA testing company has been breached, and a database with personally identifiable information on more than two million customers stolen, the firm has announced. Click to read entire article.
Unprotected Database Exposes 170K Healthcare Staffing Records
Researchers discovered an unprotected database that contained 170K healthcare staffing records, potentially exposing passwords, Social Security numbers, and photos. Click to read entire article.
Boulder medical firm hit with data breach
Medical practice Boulder Neurosurgical & Spine Associates experienced a data breach in September in which customers’ personal information may have been compromised. Click to read entire article.
Officials: Data Breach At Huntington Hospital Impacts Personal Information Of 13,000 Patients
The hospital notified about 13,000 patients that their personal information was illegally accessed. Administrators said a night shift employee had allegedly improperly accessed electronic medical patient records between October 2018 and February 2019. Click to read entire article.
Quest’s ReproSource faces patient lawsuit over data breach impacting 350K patients
One month after notifying 350,000 patients of a potential theft of their protected health information, ReproSource Fertility Diagnostics has been sued by a patient over alleged security failings. ReproSource is a clinical laboratory for fertility specialists and a subsidiary of Quest Diagnostics. Click to read entire article.
E-Commerce
StockX Data Breach Case Properly Sent to Arbitration, Court Says
StockX LLC convinced the Sixth Circuit Thursday to uphold a decision that sent to arbitration a proposed class action accusing the e-commerce provider of failing to protect the personal information of millions of its users in a cyber attack. Click to read entire article.
Technology
Panasonic Confirms Data Breach After Cyber Attack
On Friday, Japanese technology giant Panasonic confirmed that it had been the victim of a cyber attack on November 11 in which attackers accessed the company’s data stored on a file server. Click to read entire article.
Microsoft Exchange servers hacked to deploy BlackByte ransomware
The BlackByte ransomware gang is now breaching corporate networks by exploiting Microsoft Exchange servers using the ProxyShell vulnerabilities. Click to read entire article.
Android banking malware infects 300,000 Google Play users
Malware campaigns distributing Android trojans that steals online bank credentials have infected almost 300,000 devices through malicious apps pushed via Google’s Play Store. Click to read entire article.
Bank /Wire Fraud (BEC)
Palisades Park, Mariner’s Bank settle over breach that drained $500K from borough accounts
PALISADES PARK — The borough has reached a settlement with Mariner’s Bank over hundreds of thousands of dollars that were drained from the borough’s account in 2019 in fraudulent bank transfers. Click to read entire article.
Retail
POS Data Breaches: A Comprehensive List of Compromised Restaurants
According to a recent IBM data breach report, the global average cost of a data breach is $3.26 million-up 6.4 percent from 2017. The average cost for each lost or stolen record containing sensitive and confidential information is $141. Click to read entire article.
Employee SSNs Exposed in California Pizza Kitchen Breach
California Pizza Kitchen (CPK) founded in Beverly Hills, California in 1985, has more than 250 locations across 32 states. CPK experienced a data breach exposing the full names and Social Security Numbers (SSNs) of current and former employees. Click to read entire article.
Cryptocurrency
Hackers Steal $119M From ‘Web3’ Crypto Project With Old School Attack
The hacker took control of the web infrastructure of BadgerDAO decentralized autonomous organization and tricked users into giving them control. Click to read entire article.
Canada
Ottawa’s French public school board paid hackers a ransom following cyberattack
Ottawa’s French public school board says it was the victim of a network security breach in October and it paid the hackers a ransom to secure the stolen data. Click to read entire article.
Are you eligible for the December class action settlement?
Consumers who purchased goods from Best Buy and were affected by the 2017 data breach may be entitled to compensation of up to US$2,060. Click to read entire article.
EU/UK (GDPR)
Cabinet Office fined £500,000 over New Year honours list data breach
Regulator says safety of hundreds of individuals was jeopardised after their addresses were posted online Click to read entire article.
Asia Pacific
Nadra’s data breach a national security threat
That Nadra’s data has been compromised is a very serious issue in the digitalised world we live and breathe in. The fake sims issued on biometric verification are symptoms of a greater challenge Click to read entire article.