We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Cash App Data Breach, Travelers stranded in vacation spots after data breach involving Sunwing, Brazil sees improvement in data breaches, BlueForce, Inc. Data Breach Exposes Customers’ Social Security Numbers, Mailchimp Data Breach Led to Stolen Crypto, Class Action Says, and more.
Ransomware Corner
FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide
The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November. Click to read entire article.
Technology
Class Action Alert – Mailchimp Data Breach Led to Stolen Crypto, Class Action Says
Intuit and its subsidiary Mailchimp failed to prevent a data breach earlier this month that resulted in millions of dollars of stolen cryptocurrency, a new class action lawsuit alleges. Click to read entire article.
Financial Services
Beanstalk DeFi project robbed of $182 million in flash loan attack
Reserves were drained after the attacker awarded themselves voting rights. Click to read entire article.
Mortgage servicer data breach affects 2.5 million; Crypto wallet provider warns iOS users
What we all know: Lakeview Loan Servicing experienced a data breach late final yr affecting greater than 2.5 million clients. An unauthorized person was in a position to entry Lakeview’s servers, and the private info of anybody who borrowed between Oct. 27 to Dec. 7, 2021. The compromised private info included debtors’ names, addresses, mortgage info, and Social Safety numbers. Click to read entire article.
Cash App Data Breach: Why It’s a Big Deal for Your Wallet
Cash App recently disclosed that it suffered a data breach in December 2021. The company says it is notifying 8.2 million current and former customers as to how they could be affected. The revelation about the data breach is detailed in a U.S. Securities and Exchange Commission (SEC) report filed on behalf of Block, the parent company of Cash App. Click to read entire article.
Healthcare
Settlement Alert – Proposed $5M settlement in Solara Medical lawsuit mandates security overhaul
A proposed $5 million settlement in the data breach class-action lawsuit against Solara Medical Supplies would require the diabetes medical supply vendor to undergo annual incident response tests and make a number of improvements to its security program Click to read entire article.
Lawsuit Alert –SuperCare Health Faces Lawsuits Over Data Breach
An American respiratory care provider is facing multiple lawsuits over a data breach that allegedly exposed the personal information of more than 300,000 current and former patients. Click to read entire article.
Lawsuit Alert – South Shore Hospital Faces Multiple Lawsuits Over Data Breach
A Chicago hospital system has been hit with its third lawsuit after a December data breach exposed more than 115,000 staff and patients to significant data privacy risks. Click to read entire article.
Adaptive Health Integrations Experiences Massive Data Breach Affecting Over 500k People
Adaptive Health Integrations (“AHI”) reported that the company experienced a data breach affecting more than 510,574 individuals. On April 11, 2022, AHI filed official notice of the breach with the federal government and began sending out data breach letters to those whose information was compromised as a result of the incident. Click to read entire article.
Kansas Hospital Discloses Data Breach
mail accounts at a Kansas hospital were compromised for nearly a year in a prolonged data breach affecting more than 52,000 individuals. Emporia-based Newman Regional Health was breached by an unauthorized threat actor last year. Click to read entire article.
Data Breach at Burkhart Dental Supply Compromises Sensitive Customer Data
Tacoma, Washington-based dental supply company Burkhart Dental Supply Co. Inc., announced that the company experienced a data security incident. As a result, certain customers’ names, Social Security numbers, dates of birth, and driver’s license numbers or State identification numbers were compromised. Click to read entire article.
K-12 Education
Number of Districts Impacted by Illuminate Student Data Breach Grows as a Third Alerts Parents
The number of school districts whose student data was breached during a January cyberattack on Illuminate Education’s systems continues growing as a third district has alerted parents their students’ personal information was compromised. Click to read entire article.
Telecom
Lapsus$ Hackers Stole T-Mobile’s Source Code and Systems Data
The infamous Lapsus$ hacking group managed to steal T-Mobile’s source code in March 2022, days before the group’s prolific members got arrested in the same month. For your information, Lapsus$ is a notorious group of teen hackers that mainly hunts for the source code of high-profile and large tech firms. Some of its previous and successful attacks include Samsung, Microsoft, Nvidia, Okta, and Ubisoft. Click to read entire article.
Consulting
Pacific Market Research Data Breach $250K Class Action Settlement
The settlement benefits individuals whose personal information was compromised as a part of the July 2021 ransomware attack on Pacific Market Research. Class Members may have received notice of the data breach directly from Pacific Market Research. Click to read entire article.
Construction Supply
Henry Company Data Breach Exposes Customers’ Social Security Numbers
Recently, Henry Company, a California-based construction supply company, announced a data breach exposing the names, driver’s license numbers, identification numbers, and Social Security numbers of certain individuals. Click to read entire article.
Defense
BlueForce, Inc. Data Breach Exposes Customers’ Social Security Numbers
Recently, BlueForce, Inc. announced a data breach that compromised the personal information of certain individuals. On April 20, 2022, BlueForce sent out data breach letters to all parties whose information was leaked as a result of the breach. Click to read entire article.
CyberSec Research
41% of businesses had an API security incident last year
In the wake of the digital transformation wave, web application program interfaces (APIs) have experienced exponential growth as the rise of integrated web and mobile-based offerings requires significantly more data sharing across products. As dependency on APIs increases, so do its related security challenges like broken authentication, authorization, and accidental disclosure or breach of data. Click to read entire article.
Canada
Canada Report: Travelers stranded in vacation spots after data breach involving Sunwing
Thousands of people have been stranded all week in sun destinations and at Canadian airports because of a data security breach involving Sunwing Airlines. Click to read entire article.
UK
Ransomware Attacks Cost Universities Over £2m
The UK’s education sector continues to be hit by spiraling ransomware attacks, which can cost affected organizations in excess of £2m per incident, according to a new Jisc report. Click to read entire article.
Investigation launched as 2,000 health workers caught up in data breach
More than 2,000 health workers are at the centre of a data breach over the disclosure of their personal details, Sunday Life can reveal. A major investigation is now underway to get to the bottom of how this happened. Workers across all trusts have been impacted and have been informed of the development by letter. Click to read entire article.
Latin America
Aeropost.com Asks Customers to Delete Credit Card Information Following Recent Data Breach
Recently, Aeropost, Inc., a leading e-commerce and logistics company serving Latin America and the Caribbean, announced a data breach and asked all customers to delete any credit card information they have saved to their Aeropost.com account. Click to read entire article.
Brazil sees improvement in data breaches
According to new research, the country has seen an 80% decrease in the number of data breach cases in the first quarter of 2022. But major data incidents continue to emerge. Click to read entire article.
Asia Pacific
Another bank faces data theft
Financial institution suspends international transactions services. Click to read entire article.
