Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Twitter data breach exposes contact details for 5.4M, US Federal Courts Data Breach, hacker claiming access to 50 U.S. companies through breached MSP, Threat actors claim to have hacked the multinational manufacturer of missiles MBDA, and more.

Technology

Uber Admits Covering Up Massive 2016 Data Breach in Settlement With Us Prosecutors

The personal information of 57 million people was exposed in the hack. Click to read entire article.

Experts Warn of Hacker Claiming Access to 50 U.S. Companies

Cybersecurity experts are raising concerns about an individual on a hacker forum claiming to have access to 50 American companies through an unnamed managed service provider (MSP). Click to read entire article.

Twitter Data Breach Exposes Contact Details for 5.4M Accounts; On Sale for $30K

A Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Twitter has confirmed the security vulnerability which allowed the data to be extracted. Click to read entire article.

911 Proxy Service Shuts Down After Confirming Security Breach

911 proxy service (911.re), regarded as one of the few original residential proxy networks, has announced shutting down its operations after suffering a data breach. The service that has sold access to countless Microsoft Windows computers since 2015 confirmed in a message on its home page that the cyberattack destroyed critical elements of its business operations. Click to read entire article.

Clinivate, LLC Announces Data Breach

On July 22, 2022, Clinivate, LLC reported a data breach after the company discovered a network security incident involving its computer system. According to Clinivate, the breach resulted in the following data types of certain patients being compromised: names, medical record numbers, health plan beneficiary numbers, treatment information, diagnosis information, other medical information, and information relating to payments for the provision of health care. Current estimates place the number of people affected by the Clinivate data breach at more than 77,000. Click to read entire article.

Retail

Data Breach on Virtual Pet Website Neopets Affected 69 Million Users and Leaked Source Code

A threat actor identified as “TarTarX” advertised the sale of the stolen website’s source code and database for four bitcoins, currently amounting to $96,000. Click to read entire article.

Healthcare

Meta, Us Hospitals Sued for Using Healthcare Data to Target Ads

A class action lawsuit has been filed in the Northern District of California against Meta (Facebook), the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising. Click to read entire article.

Avamere Health Services Data Breach Impacts 96 Practices, At Least 380K

Avamere Health Services, a group of independently-owned post-acute care companies, reported a data breach that impacted 96 practices and at least 380K individuals. Click to read entire article.

Information of 8,000 People Possibly Leaked After Allegheny Health Network Data Breach

According to our partners at TribLIVE.com, an AHN employee’s account was compromised after they opened a phishing email. Leaked information could include patients’ names, birthdays, addresses, phone numbers, email addresses and driver’s license numbers. Click to read entire article.

Average Data Breach Now Costs a Record $4.35 Million

The average cost of a data breach hit an all-time high of $4.35 million this year, up 2.6% from a year ago and 12.7% from 2020, according to 2022 Cost of a Data Breach Report conducted by Ponemon Institute and IBM Security. Click to read entire article.

Behavioral Health Group Reports Data Breach Affecting Patients’ Protected Health Information

On July 27, 2022, Behavioral Health Group (“BHG”) filed an official notice of a data breach after a “security incident” affecting the company’s computer system resulted in an unauthorized party being able to access sensitive information belonging to certain patients. Click to read entire article.

ACTS Retirement Services Hit with Class Action Following April-May 2022 Data Breach

ACTS Retirement Services, Inc. faces a proposed class action lawsuit over a data breach believed to have compromised the personal information of potentially thousands of current and former employees. Click to read entire article.

St. Luke’s Patient Information Possibly Stolen in Data Breach

Organization to mail notifications, provide free identity-theft services to people potentially affected. Click to read entire article.

Public Entities (Gov)

US Federal Courts Data Breach: Justice Department Investigates Records System Cyberattack

As per the latest news story by The Verge, the House Judiciary Committee Chair Jerrold Nadler says in his latest testimony that the document system of the US federal courts has been hit by a massive cyber breach. Click to read entire article.

Telecom

Are You Eligible for Money From T-Mobile’s $350 Million Data Breach Settlement?

When T-Mobile was hacked in 2021, more than 76 million people’s data was exposed. Click to read entire article.

Financial Services

BECU Notifies Impacted Members of Data Breach

The breach unveils personal information of an undisclosed number of BECU members. Click to read entire article.

Higher Education

DigiPen Institute of Technology Announces Data Breach

On July 26, 2022, the DigiPen Institute of Technology reported a data breach after an unauthorized party gained access to files on the DigiPen network that contained sensitive consumer information. Click to read entire article.

Canada

Two Canadian Banks Report Cyber Attacks Over the Weekend

Two of Canada’s largest banks have reported that cyber thieves may have stolen the financial information for over 90,000 of their customers. Click to read entire article.

EU

Threat Actors That Go Online With the Moniker Adrastea Claim To Have Hacked the Multinational Manufacturer of Missiles MBDA.

A threat actor that goes online with the moniker Adrastea, and that defines itself as a group of independent cybersecurity specialists and researchers, claims to have hacked MBDA. Adrastea said that they have found critical vulnerabilities in the company infrastructure and have stolen 60 GB of confidential data. Click to read entire article.

Asia Pacific

University of Western Australia Student Details Exposed in Data Breach

The University of Western Australia (UWA) has confirmed falling victim to a data breach, with the personal information of current and past students accessed. Click to read entire article.


Vol. 247 – August 17, 2022

Download 2021 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

© 2022 NetDiligence All Rights Reserved.