We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hacker Gained Access to Jefferson Health Insurance Portal, Suspected Chinese hackers hit News Corp with ‘persistent cyberattack’, IT Staffing Company Settles Data Breach Class Action, Ransomware Attack in Germany Tied to Colonial Pipeline Hackers, and more.
Ransomware Corner
Business Services Firm Morley Discloses Data Breach Affecting 500,000 People
Business services company Morley this week announced being targeted in a ransomware attack that may have resulted in the information of more than 500,000 individuals getting stolen. Click to read entire article.
Data Breaches Reported by Jefferson Health and Allegheny Health Network Home Infusion
Pittsburgh, PA-based Allegheny Health Network Home Infusion has been notified about a ransomware attack on one of its vendors, Vantage Healthcare Network, Inc. AHN Home Infusion was informed on November 22, 2021, that the systems accessed by the ransomware gang contained patient data, some of which had been exfiltrated by the attackers prior to file encryption. Click to read entire article.
St. Clair County Data Breach Impacted More Than 600 People
The Illinois county’s eight-month review of a ransomware attack on its computer systems last spring has found that hackers may have been able to view or acquire personal or medical information on more than 600 residents and non-residents. Click to read entire article.
Public Entities (Gov)
Washington state agency says data of hundreds of thousands of professionals may have been breached
The Washington State Department of Licensing (DOL) announced Friday that it had detected irregular activity on one of its online systems last month and that the personal data of professional licensees may have been breached. Those licensees include more than 250,000 professionals, according to The Seattle Times. Click to read entire article.
North Port still feeling impact of recent cyber attack
The city of North Port is still dealing with the fallout of a recent cyber threat to its system. City spokesperson Josh Taylor said its Information and Technology Division shut down all of the city’s systems out of caution when their network got hacked a few weeks ago. The incident interrupted phone lines and some city services. Click to read entire article.
Healthcare
Lawsuit Alert – New Mexico health insurance company sued over data breach
Three state residents who have filed a lawsuit against insurance firm True Health New Mexico over what they call a “targeted cyberattack” are seeking to have their complaint declared a class action, representing about 63,000 patients whose personal information might have been stolen. Click to read entire article.
RI Attorney General Subpoenas RIPTA and UnitedHealthcare Over 22,000-Record Data Breach
The Office of the Rhode Island Attorney General was notified about the security breach on December 23, 2021. RIPTA said it discovered and blocked a cyberattack on August 5, 2021, with its investigation confirming the hackers gained access to its network on August 3, 2021. Click to read entire article.
Hacker Gained Access to Jefferson Health Insurance Portal
Philadelphia, PA-based Jefferson Health has discovered unauthorized individuals gained access to an online health insurance portal that was used to submit billing information for payment. Click to read entire article.
Hackers hit Broward Health network, potentially exposing data on 1.3M patients, staff
Hackers breached the computer networks of Broward Health in October and may have accessed personal and financial information on more than 1.3 million patients and staff. Click to read entire article.
Automotive
Class Action Filed After Jim Koons Automotive Companies Hit by 2021 Data Breach
Jim Koons Automotive Companies faces a proposed class action over a data breach discovered in June 2021, during which the car dealer’s customers’ personal information was reportedly compromised. The suit claims Koons had legal and equitable duties to safeguard customers’ information yet failed to take the necessary steps to do so. Click to read entire article.
Retail
Data Breach Alert: Heirloom Roses
Recently, Heirloom Roses announced that the financial information of approximately 52,206 individuals was compromised in a data breach. Our data breach attorneys are investigating this cybersecurity incident to determine if consumers could have the grounds for a data breach class action lawsuit. Click to read entire article.
Media
Suspected Chinese hackers hit News Corp with ‘persistent cyberattack’
News Corp suffered a “persistent cyberattack,” the company said Friday, and investigators believe Chinese spies may be responsible. Click to read entire article.
Data Processing
Judge moves to dismiss Practicefirst breach lawsuit over lack of ‘actual harm’
A federal judge of the U.S. New York Western District has recommended to support a motion to dismiss a potential class-action lawsuit against Practicefirst, as the breach victims who filed the case did not provide evidence of actual harm, as required by a June Supreme Court decision. Click to read entire article.
Staffing
Settlement Alert ($10k per person!) – IT Staffing Company Settles Data Breach Class Action
Artech Information Systems settled a data breach class action this week for an incident that occurred in January 2020. Artech will pay up to $10,000 to each individual affected by the breach, based on a tiered payment system. Artech, a staffing company specializing in placement for IT staff and project services, was the victim of a ransomware attack in January 2020 that resulted in unauthorized access to confidential information concerning about 30,000 current and former employees. Click to read entire article.
Privacy
Settlement Alert – Cheesecake Factory Receipt Privacy $4.75M Class Action Settlement
The Cheesecake Factory Inc. will pay $4.75 million to resolve class action lawsuit claims it violated the Fair and Accurate Credit Transactions Act (FACTA) by displaying more information than legally allowed on its receipts. Click to read entire article.
Settlement Alert – McDonald’s Illinois Employee Biometric Privacy $50M Class Action Settlement
McDonald’s has agreed to a $50 million class action settlement benefiting its Illinois employees who used their biometric information to log in or use the restaurants’ systems. Click to read entire article.
Regulatory Updates
Federal Banking Regulators Issue 36-Hour Cybersecurity Breach Notification Requirement
In November, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board of Governors (FRB) jointly issued a final rule that requires a federally regulated bank to notify its primary federal regulator within 36 hours after determining that a computer-security “notification incident” has occurred. Click to read entire article.
Crypto
Hackers Exploited a Logical Flaw to Steal $80 Million From DeFi Platform Qubit Finance
Hackers stole $80 million from Qubit decentralized finance (DeFi) platform on January 27, according to the company’s statement posted on Medium. Subsequently, the DeFi platform implored the hackers to return the stolen digital assets, adding that the incident would adversely affect real people in the Qubit community. Click to read entire article.
EU/ UK
Ransomware Attack in Germany Tied to Colonial Pipeline Hackers
Russia-linked cybercrime gang was allegedly responsible for ransomware attacks that took down a swath of Germany’s fuel-distribution system this week and hindered payments at some filling stations. Click to read entire article.
British Council data breach leaks 10,000 student records
A third-party data breach has exposed at least 10,000 records held by the British Council, a public sector organization that provides English language courses worldwide. Click to read entire article.