Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Cash App Data Breach, Travelers stranded in vacation spots after data breach involving Sunwing, Brazil sees improvement in data breaches, BlueForce, Inc. Data Breach Exposes Customers’ Social Security Numbers, Mailchimp Data Breach Led to Stolen Crypto, Class Action Says, and more.

Ransomware Corner

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November. Click to read entire article.

Technology

Class Action Alert – Mailchimp Data Breach Led to Stolen Crypto, Class Action Says

Intuit and its subsidiary Mailchimp failed to prevent a data breach earlier this month that resulted in millions of dollars of stolen cryptocurrency, a new class action lawsuit alleges. Click to read entire article.

Financial Services

Beanstalk DeFi project robbed of $182 million in flash loan attack

Reserves were drained after the attacker awarded themselves voting rights. Click to read entire article.

Mortgage servicer data breach affects 2.5 million; Crypto wallet provider warns iOS users

What we all know: Lakeview Loan Servicing experienced a data breach late final yr affecting greater than 2.5 million clients. An unauthorized person was in a position to entry Lakeview’s servers, and the private info of anybody who borrowed between Oct. 27 to Dec. 7, 2021. The compromised private info included debtors’ names, addresses, mortgage info, and Social Safety numbers. Click to read entire article.

Cash App Data Breach: Why It’s a Big Deal for Your Wallet

Cash App recently disclosed that it suffered a data breach in December 2021. The company says it is notifying 8.2 million current and former customers as to how they could be affected. The revelation about the data breach is detailed in a U.S. Securities and Exchange Commission (SEC) report filed on behalf of Block, the parent company of Cash App. Click to read entire article.

Healthcare

Settlement Alert – Proposed $5M settlement in Solara Medical lawsuit mandates security overhaul

A proposed $5 million settlement in the data breach class-action lawsuit against Solara Medical Supplies would require the diabetes medical supply vendor to undergo annual incident response tests and make a number of improvements to its security program Click to read entire article.

Lawsuit Alert –SuperCare Health Faces Lawsuits Over Data Breach

An American respiratory care provider is facing multiple lawsuits over a data breach that allegedly exposed the personal information of more than 300,000 current and former patients. Click to read entire article.

Lawsuit Alert – South Shore Hospital Faces Multiple Lawsuits Over Data Breach

A Chicago hospital system has been hit with its third lawsuit after a December data breach exposed more than 115,000 staff and patients to significant data privacy risks. Click to read entire article.

Adaptive Health Integrations Experiences Massive Data Breach Affecting Over 500k People

Adaptive Health Integrations (“AHI”) reported that the company experienced a data breach affecting more than 510,574 individuals. On April 11, 2022, AHI filed official notice of the breach with the federal government and began sending out data breach letters to those whose information was compromised as a result of the incident. Click to read entire article.

Kansas Hospital Discloses Data Breach

mail accounts at a Kansas hospital were compromised for nearly a year in a prolonged data breach affecting more than 52,000 individuals. Emporia-based Newman Regional Health was breached by an unauthorized threat actor last year. Click to read entire article.

Data Breach at Burkhart Dental Supply Compromises Sensitive Customer Data

Tacoma, Washington-based dental supply company Burkhart Dental Supply Co. Inc., announced that the company experienced a data security incident. As a result, certain customers’ names, Social Security numbers, dates of birth, and driver’s license numbers or State identification numbers were compromised. Click to read entire article.

K-12 Education

Number of Districts Impacted by Illuminate Student Data Breach Grows as a Third Alerts Parents

The number of school districts whose student data was breached during a January cyberattack on Illuminate Education’s systems continues growing as a third district has alerted parents their students’ personal information was compromised. Click to read entire article.

Telecom

Lapsus$ Hackers Stole T-Mobile’s Source Code and Systems Data

The infamous Lapsus$ hacking group managed to steal T-Mobile’s source code in March 2022, days before the group’s prolific members got arrested in the same month. For your information, Lapsus$ is a notorious group of teen hackers that mainly hunts for the source code of high-profile and large tech firms. Some of its previous and successful attacks include Samsung, Microsoft, Nvidia, Okta, and Ubisoft. Click to read entire article.

Consulting

Pacific Market Research Data Breach $250K Class Action Settlement

The settlement benefits individuals whose personal information was compromised as a part of the July 2021 ransomware attack on Pacific Market Research. Class Members may have received notice of the data breach directly from Pacific Market Research. Click to read entire article.

Construction Supply

Henry Company Data Breach Exposes Customers’ Social Security Numbers

Recently, Henry Company, a California-based construction supply company, announced a data breach exposing the names, driver’s license numbers, identification numbers, and Social Security numbers of certain individuals. Click to read entire article.

Defense

BlueForce, Inc. Data Breach Exposes Customers’ Social Security Numbers

Recently, BlueForce, Inc. announced a data breach that compromised the personal information of certain individuals. On April 20, 2022, BlueForce sent out data breach letters to all parties whose information was leaked as a result of the breach. Click to read entire article.

CyberSec Research

41% of businesses had an API security incident last year

In the wake of the digital transformation wave, web application program interfaces (APIs) have experienced exponential growth as the rise of integrated web and mobile-based offerings requires significantly more data sharing across products. As dependency on APIs increases, so do its related security challenges like broken authentication, authorization, and accidental disclosure or breach of data. Click to read entire article.

Canada

Canada Report: Travelers stranded in vacation spots after data breach involving Sunwing

Thousands of people have been stranded all week in sun destinations and at Canadian airports because of a data security breach involving Sunwing Airlines. Click to read entire article.

UK

Ransomware Attacks Cost Universities Over £2m

The UK’s education sector continues to be hit by spiraling ransomware attacks, which can cost affected organizations in excess of £2m per incident, according to a new Jisc report. Click to read entire article.

Investigation launched as 2,000 health workers caught up in data breach

More than 2,000 health workers are at the centre of a data breach over the disclosure of their personal details, Sunday Life can reveal. A major investigation is now underway to get to the bottom of how this happened. Workers across all trusts have been impacted and have been informed of the development by letter. Click to read entire article.

Latin America

Aeropost.com Asks Customers to Delete Credit Card Information Following Recent Data Breach

Recently, Aeropost, Inc., a leading e-commerce and logistics company serving Latin America and the Caribbean, announced a data breach and asked all customers to delete any credit card information they have saved to their Aeropost.com account. Click to read entire article.

Brazil sees improvement in data breaches

According to new research, the country has seen an 80% decrease in the number of data breach cases in the first quarter of 2022. But major data incidents continue to emerge. Click to read entire article.

Asia Pacific

Another bank faces data theft

Financial institution suspends international transactions services. Click to read entire article.


Vol. 244 – May 18, 2022

Download 2022 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

© 2022 NetDiligence All Rights Reserved.