We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers Breach LastPass Developer System, Doordash Customers’ Personal Information Exposed in Data Leak, Aetna Agrees to Pay $17 Million in HIV Privacy Breach, FTC Sues Data Broker, Condemns Improper Data Privacy Practices, and more.
Settlement Alert – How to Claim Money from Capital One’s $190 Million Data Breach Settlement
A huge data breach in March 2019 exposed the personal information of more than 100 million Capital One customers. As a result, the financial powerhouse has agreed to a proposed $190 million settlement that is set to receive final approval next week. Click to read entire article.
Ellington Management Group, LLC Announces Data Breach Related to Compromised Employee Email Accounts
On August 29, 2022, Ellington Management Group, LLC reported a data breach with the Montana Attorney General after the company learned that an unauthorized party had gained access to two employee email accounts. According to Ellington, the breach involved mortgage holders’ names, Social Security numbers, driver’s license numbers, electronic signatures, credit card numbers, dates of birth, bank or financial account numbers, and other information you may have provided in connection with your mortgage loan. Click to read entire article.
Millions of Student Loan Accounts Exposed in Data Breach
The data of over 2.5 million individuals who have taken out student loans with either the Oklahoma Student Loan Authority (OSLA) or EdFinancial has been exposed in a data breach. The breach itself was suffered by Nelnet Servicing, a Nebraska-based technology services firm that both loan companies utilized for their web portals. Click to read entire article.
Lending Tree Notifies 70,000 Customers of Data Breach
Online mortgage lender Lending Tree sent breach notification letters to affected individuals on June 29, 2022. The letter advises those persons that their name, social security number, date of birth, and address were compromised in mid-February 2022. Click to read entire article.
Jack Dorsey’s Company Block Sued Over Security Breach
A class action lawsuit alleges the company failed to protect the data of over 8.2 million users, stolen by an ex-employee.
Block, a digital payments company co-founded by Twitter’s ex-CEO Jack Dorsey, faced allegations it failed to protect customers’ personal data. According to a class action lawsuit, the company failed to implement adequate security measures. The lawsuit was filed by two users of Cash App, a subsidiary of Block. Click to read entire article.
Hackers Breach LastPass Developer System to Steal Source Code
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what source code was stolen. Click to read entire article.
Valex Corporation Announces Data Breach Following Malware Attack
On August 25, 2022, Valex Corporation filed an official notice of a data breach with the Attorney General of California after the company reportedly experienced a malware attack that leaked consumer data. According to Valex, the breach resulted in the names, dates of birth and Social Security numbers of certain individuals being compromised. Click to read entire article.
Baker & Taylor’s Systems Remain Offline a Week After Ransomware Attack
A server outage has impacted library services company Baker & Taylor’s systems and applications, said the firm on Twitter on August 23, 2022. A day later, the firm confirmed it engaged outside third-party experts to fix the issue. Click to read entire article.
SCA Pharmaceuticals, LLC Announces Data Breach
On August 29, 2022, SCA Pharmaceuticals, LLC reported a data breach with the Montana Attorney General’s office after the company experienced a malware attack. According to SCA Pharma, the breach resulted in the names, dates of birth, Social Security numbers, other governmental identifiers, certain health information, and bank account information of certain individuals being compromised. Click to read entire article.
Food Delivery/ Tech.
Doordash Customers’ Personal Information Exposed in Data Leak
The food-delivery company is reporting a data breach that left customers’ personal information exposed. The company says customers had their names, email and delivery addresses, phone numbers and card numbers stolen. Click to read entire article.
Russian Streaming Platform Confirms Data Breach Affecting 7.5M Users
Russian media streaming platform ‘START’ (start.ru) has confirmed rumors of a data breach impacting millions of users. The platform’s administrators shared that network intruders managed to steal a 2021 database from its systems and are now distributing samples online. Click to read entire article.
Aetna Agrees to Pay $17 Million in HIV Privacy Breach
Aetna settled a lawsuit for $17 million Wednesday over a data breach that happened in the summer of 2017. The privacy of as many as 12,000 people insured by Aetna was compromised in a very low-tech way: the fact that they had been taking HIV drugs was revealed through the clear window of the envelope. Click to read entire article.
Individuals Affected by Vendor Ransomware Attack Reaches 2.7M
The number of people affected by a ransomware attack on printing and mailing vendor OneTouchPoint has reached 2.7 million, according to an updated breach report. The report, filed to the Maine attorney general’s office Aug. 26, indicates individuals were affected by an “external system breach hacking” incident detected July 15. Click to read entire article.
HealthCare.gov Breach Exposed Personal Details of 75,000, Including Partial Social Security Numbers
A data breach at HealthCare.gov exposed personal details of roughly 75,000 people, including the last four digits of the Social Security number, immigration status and employer name, the Department of Health and Human Services said in a letter to those affected on Friday. Click to read entire article.
CorrectHealth Announces Data Breach Affecting the Personal Information of More Than 54k Individuals
On August 25, 2022, CorrectHealth reported a data breach with the various state attorney generals’ offices after the company learned that an unauthorized party had gained access to several employee email accounts. According to Correct Health, the breach resulted in the names, addresses, Social Security numbers, Driver’s License numbers, passport numbers, financial account information, and limited medical information of certain individuals being compromised. Click to read entire article.
EmergeOrtho Reports Data Breach Leaking Social Security Numbers of up to 75,200 Individuals
On August 25, 2022, EmergeOrtho reported a data breach with the various state attorney generals’ offices after the company learned it was the target of a ransomware attack. According to EmergeOrtho, the breach resulted in the first and last names, addresses, Social Security numbers, and dates of birth of certain individuals being compromised. Click to read entire article.
Napa Valley College Files Report of Recent Data Breach Following Ransomware Attack
On August 25, 2022, Napa Valley College confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on NVC’s network. According to NVC, the breach resulted in the names and Social Security numbers belonging to certain individuals being compromised. Click to read entire article.
Newcourse Communications, Inc. Announces Data Breach Leaking the Social Security Numbers of as Many as 47,000 People
On August 18, 2022, Newcourse Communications, Inc. reported a data breach with several state attorney generals’ offices after the company’s computer systems were hacked. According to the Newcourse, the breach resulted in the names and Social Security numbers of certain individuals being compromised. Click to read entire article.
Privacy (wrongful collection or sharing)
FTC Sues Data Broker, Condemns Improper Data Privacy Practices
The FTC underscored its commitment to fighting against improper location and health data privacy practices in a recent lawsuit against data broker Kochava. Click to read entire article.
79% of the Companies Only Invest in Cybersecurity After Hacking Incidents
The British cybersecurity company Tanium published a survey on investments in digital protection in UK companies with alarming results: 79% of them only approve investments in cybersecurity after suffering a data breach; 92% experienced a data attack or breach, of which 74% occurred in 2021. Click to read entire article.
Cyber Legal/Liability Risk Landscape
United States: Plaintiffs’ Attorneys Racing to Courthouses in the United States to File Data Breach Class Actions
While in years past companies that experienced a data breach and had to send notice to regulators and impacted individuals might hope they never get sued, now they should fully expect to have a lawsuit filed. The lag time between when the companies sent notice of the breach and a resulting lawsuit has truncated. Click to read entire article.