We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Val Verde Regional Medical Center Notifies Thousands of Patients Following Data Breach, MGM Resorts Data Hack, Facebook is paying $397 to a MILLION people, Hackers breached Canadian hospital network’s servers, and more.

Healthcare

Optoma Technology, Inc. Confirms Data Breach Stemming from Recent Ransomware Attack

Optoma Technology, Inc. reported a data breach following a ransomware attack in which unauthorized parties were able to access the company’s computer system for a period of about ten days. According to Optoma, the breach resulted in the following types of information being compromised: names, Social Security numbers, driver’s license numbers, state identification numbers, financial account information, payment information, health insurance information, username and password. Click to read entire article.

Val Verde Regional Medical Center Notifies Thousands of Patients Following Data Breach

Recently, Val Verde Regional Medical Center reported a data breach after an unauthorized party following an incident in which an unauthorized party gained access to the company’s computer network and may have downloaded files containing sensitive patient data. Click to read entire article.

Summit Healthcare’s Business Associate Provides Notice of Data Breach

On Feb. 26, the company PFC detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems. PFC immediately engaged third-party forensic specialists to assist with securing the network environment and investigating the extent of any unauthorized activity. Federal law enforcement was also notified. The investigation determined an unauthorized third party may have accessed files containing certain individuals’ personal information. Click to read entire article.

Data Breach at East Tennessee Children’s Hospital Affects More than 422,000 People

One of the most recent healthcare data breaches involves East Tennessee Children’s Hospital (“ETCH”), which reported a data breach involving patients’ names, contact information, dates of birth, medical record numbers, medical history information, and Social Security numbers. Click to read entire article.

Financial Services

Lakeview Loan Servicing Faces Multiple Lawsuits Over Data Breach

Florida-based Lakeview Loan Servicing LLC, the fourth largest loan-servicing company in the nation, is facing at least two proposed class action lawsuits as a result of a late-2021 data breach that reportedly affected more than 2.5 million consumers. Click to read entire article.

Public Employees Credit Union Data Breach Results in Leaked Social Security Numbers

Public Employees Credit Union (“PECU”) experienced a data breach after an unauthorized party gained access to the company’s computer network and the sensitive consumer data contained on the network. According to the PECU, the breach resulted in the names, addresses, email addresses, telephone numbers, dates of birth, account numbers and Social Security numbers of affected members being compromised. Click to read entire article.

Public Entity

Chicago Public Schools suffers massive data breach affecting student, staff data

Chicago Public Schools (CPS) has suffered a data breach that compromised the personal information of 500,000 students and more than 56,000 employees. Click to read entire article.

Privacy

Facebook is paying $397 to a MILLION people over disturbing privacy breach– check if you’re affected

FACEBOOK paid more than a million Americans at least $345 this month for collecting data without their consent. Click to read entire article.

Gaming/Casino

MGM Resorts Data Hack: Customer Info Stolen in 2019 Posted on Telegram

An 8GB database containing the personal data of around 30 million MGM Resorts guests has been publicly shared on social messaging channel Telegram. Click to read entire article.

Technology

Class Action Alert – Gainey McKenna & Egleston Announces A Class Action Lawsuit Has Been Filed Against Okta Inc. (OKTA)

The Complaint alleges that that Defendants made false statements and/or concealed that: (i) Okta had inadequate cybersecurity controls; (ii) as a result, Okta’s systems were vulnerable to data breaches; (iii) Okta ultimately did experience a data breach caused by a hacking group, which potentially affected hundreds of Okta customers; (iv) Okta initially did not disclose and subsequently downplayed the severity of the data breach; (v) all the foregoing, once revealed, was likely to have a material negative impact on Okta’s business, financial condition, and reputation; and (vi) as a result, the Company’s public statements were materially false and misleading at all relevant times. Click to read entire article.

GitHub: Attackers stole login details of 100K npm user accounts

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. Click to read entire article.

Non-Profit

Cyberattack at Inglis Foundation Results in Data Breach

The Inglis Foundation recently reported that the company experienced a data breach following a cyberattack. According to Inglis, the breach resulted in the names, Social Security numbers, dates of birth, addresses, bank account information and health information of certain individuals being compromised. Click to read entire article.

Canada

Cyberattack against Regina Public Schools likely ransomware

New information has emerged about the recent cyberattack that targeted Regina Public Schools, forcing it to shut down all internet-based systems such as email and other education tools. Click to read entire article.

Hackers breached Canadian hospital network’s servers, stole sensitive patient data

A Toronto-based Canadian health network has confirmed that it suffered a data breach that compromised the personally identifiable information of its patients and staff. Click to read entire article.

Calgary charity hit by data breach says it responded appropriately despite client concerns

A Calgary charity hit by a data breach last fall says it followed the right protocols and timelines after client questions how long it took to be notified. Click to read entire article.

UK/EU

Third of UK Firms Have Experienced a Security Breach Since 2020

Cyber-threats are behind soaring fraud and economic crime in the UK, where rates are now second only globally to South Africa, according to PwC. Click to read entire article.

Asia Pac

Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack

A phishing attack at Australian pension provider Spirit Super has resulted in “some personal details being compromised”. The ‘super fund’ confirmed that user data was breached on May 19, 2022 after an employee’s email account was accessed. Click to read entire article.

Twitter to pay $150m fine for privacy breach of user data

Twitter will pay a $150 million penalty and put in new safeguards to settle federal regulators’ allegations that the social platform failed to protect the privacy of users’ data over a six-year span. Click to read entire article.