We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Val Verde Regional Medical Center Notifies Thousands of Patients Following Data Breach, MGM Resorts Data Hack, Facebook is paying $397 to a MILLION people, Hackers breached Canadian hospital network’s servers, and more.
Healthcare
Optoma Technology, Inc. Confirms Data Breach Stemming from Recent Ransomware Attack
Optoma Technology, Inc. reported a data breach following a ransomware attack in which unauthorized parties were able to access the company’s computer system for a period of about ten days. According to Optoma, the breach resulted in the following types of information being compromised: names, Social Security numbers, driver’s license numbers, state identification numbers, financial account information, payment information, health insurance information, username and password. Click to read entire article.
Val Verde Regional Medical Center Notifies Thousands of Patients Following Data Breach
Recently, Val Verde Regional Medical Center reported a data breach after an unauthorized party following an incident in which an unauthorized party gained access to the company’s computer network and may have downloaded files containing sensitive patient data. Click to read entire article.
Summit Healthcare’s Business Associate Provides Notice of Data Breach
On Feb. 26, the company PFC detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems. PFC immediately engaged third-party forensic specialists to assist with securing the network environment and investigating the extent of any unauthorized activity. Federal law enforcement was also notified. The investigation determined an unauthorized third party may have accessed files containing certain individuals’ personal information. Click to read entire article.
Data Breach at East Tennessee Children’s Hospital Affects More than 422,000 People
One of the most recent healthcare data breaches involves East Tennessee Children’s Hospital (“ETCH”), which reported a data breach involving patients’ names, contact information, dates of birth, medical record numbers, medical history information, and Social Security numbers. Click to read entire article.
Financial Services
Lakeview Loan Servicing Faces Multiple Lawsuits Over Data Breach
Florida-based Lakeview Loan Servicing LLC, the fourth largest loan-servicing company in the nation, is facing at least two proposed class action lawsuits as a result of a late-2021 data breach that reportedly affected more than 2.5 million consumers. Click to read entire article.
Public Employees Credit Union Data Breach Results in Leaked Social Security Numbers
Public Employees Credit Union (“PECU”) experienced a data breach after an unauthorized party gained access to the company’s computer network and the sensitive consumer data contained on the network. According to the PECU, the breach resulted in the names, addresses, email addresses, telephone numbers, dates of birth, account numbers and Social Security numbers of affected members being compromised. Click to read entire article.
Public Entity
Chicago Public Schools suffers massive data breach affecting student, staff data
Chicago Public Schools (CPS) has suffered a data breach that compromised the personal information of 500,000 students and more than 56,000 employees. Click to read entire article.
Privacy
Facebook is paying $397 to a MILLION people over disturbing privacy breach– check if you’re affected
FACEBOOK paid more than a million Americans at least $345 this month for collecting data without their consent. Click to read entire article.
Gaming/Casino
MGM Resorts Data Hack: Customer Info Stolen in 2019 Posted on Telegram
An 8GB database containing the personal data of around 30 million MGM Resorts guests has been publicly shared on social messaging channel Telegram. Click to read entire article.
Technology
Class Action Alert – Gainey McKenna & Egleston Announces A Class Action Lawsuit Has Been Filed Against Okta Inc. (OKTA)
The Complaint alleges that that Defendants made false statements and/or concealed that: (i) Okta had inadequate cybersecurity controls; (ii) as a result, Okta’s systems were vulnerable to data breaches; (iii) Okta ultimately did experience a data breach caused by a hacking group, which potentially affected hundreds of Okta customers; (iv) Okta initially did not disclose and subsequently downplayed the severity of the data breach; (v) all the foregoing, once revealed, was likely to have a material negative impact on Okta’s business, financial condition, and reputation; and (vi) as a result, the Company’s public statements were materially false and misleading at all relevant times. Click to read entire article.
GitHub: Attackers stole login details of 100K npm user accounts
GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. Click to read entire article.
Non-Profit
Cyberattack at Inglis Foundation Results in Data Breach
The Inglis Foundation recently reported that the company experienced a data breach following a cyberattack. According to Inglis, the breach resulted in the names, Social Security numbers, dates of birth, addresses, bank account information and health information of certain individuals being compromised. Click to read entire article.
Canada
Cyberattack against Regina Public Schools likely ransomware
New information has emerged about the recent cyberattack that targeted Regina Public Schools, forcing it to shut down all internet-based systems such as email and other education tools. Click to read entire article.
Hackers breached Canadian hospital network’s servers, stole sensitive patient data
A Toronto-based Canadian health network has confirmed that it suffered a data breach that compromised the personally identifiable information of its patients and staff. Click to read entire article.
Calgary charity hit by data breach says it responded appropriately despite client concerns
A Calgary charity hit by a data breach last fall says it followed the right protocols and timelines after client questions how long it took to be notified. Click to read entire article.
UK/EU
Third of UK Firms Have Experienced a Security Breach Since 2020
Cyber-threats are behind soaring fraud and economic crime in the UK, where rates are now second only globally to South Africa, according to PwC. Click to read entire article.
Asia Pac
Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack
A phishing attack at Australian pension provider Spirit Super has resulted in “some personal details being compromised”. The ‘super fund’ confirmed that user data was breached on May 19, 2022 after an employee’s email account was accessed. Click to read entire article.
Twitter to pay $150m fine for privacy breach of user data
Twitter will pay a $150 million penalty and put in new safeguards to settle federal regulators’ allegations that the social platform failed to protect the privacy of users’ data over a six-year span. Click to read entire article.