Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Samsung Sued Over Recent Data Breaches, How DDoS Attacks Plagued PokerStars’ High Profile WCOOP Series, Class-Action Suits Over Data Breaches No Longer Require Proof of Actual Harm, Fitbit, Apple User Data Exposed in Breach Impacting 61M Fitness Tracker Records, and more.

Ransomware Corner

Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack

Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company’s systems. Click to read entire article.

Healthcare

Lawsuit Claims Mon Health Didn’t Protect Patients from Data Breach

Morgantown, W.Va.-based Mon Health is being sued over a December 2021 data breach, The (Morgantown) Dominion Post reported Sept. 24. The data breach had compromised the health and personal data of at least 492,861 people, including patients, providers, employees and contractors, according to the story. The data reportedly included names, addresses, dates of birth, Social Security numbers, and health insurance and medical treatment information. Click to read entire article.

Humana Discloses Third-Party Data Breach at Choice Health

September 27, 2022 – Humana disclosed a third-party data breach to the Maine Attorney General’s Office that impacted 22,767 individuals. The breach originated at Choice Health, which sells Medicare products on Humana’s behalf. Click to read entire article.

OneTouchPoint Data Breach Investigation: Who’s Affected?

In April 2022, OneTouchPoint, which provides printing and mailing services for health insurance providers, experienced a data breach that compromised the personally identifiable information of more than one million people. Sensitive information such as customer names, addresses, birth dates, service description, diagnosis codes, member identification and health assessment information was potentially exposed to unauthorized third-parties. Click to read entire article.

Shipping

U-Haul Class Action Accuses Company of Neglect that Led to Data Breach

U-Haul didn’t adequately protect its computer systems, leading to cybercriminals obtaining the personal information of customers in a data breach, a new class action lawsuit alleges. According to the lawsuit, the hack started on Nov. 5, 2021, and continued for seven months through April 5, 2022, leaking personal information including names, dates of birth and driver’s license numbers. Click to read entire article.

Financial Services

Capital One’s $190 Million Data Breach Settlement: You Have Two Days to Claim Your Money

Class members can collect up to $25,000 for lost time and out-of-pocket expenditures, if they move quickly. Click to read entire article.

Payday Lender Cash Express Reports Data Breach Affecting 100,000 Customers

The nonbank lending company Cash Express reported to the Montana attorney general this month a data breach that gave an unauthorized party access to sensitive consumer information from more than 100,000 individuals. Click to read entire article.

Morgan Stanley to Pay SEC $35M to Settle Data Exposure Inquiry

Morgan Stanley Smith Barney LLC reportedly reached a $35 million settlement with the Securities and Exchange Commission (SEC) over allegations it improperly removed computer devices from its offices, exposing the data of millions of customers. Click to read entire article.

FinTech

Fintech Company Suffers Data Breach

Revolut suffered an online security nightmare this month as a recent data breach affected 50,000 customers worldwide. Click to read entire article.

Airlines

Breached American Airlines Email Accounts Abused for Phishing

American Airlines discovered it was breached after receiving reports of employee email accounts being used in phishing attacks. Last week, the airline started informing some of its customers that their personal data was likely compromised in a data breach identified in early July. Click to read entire article.

Telecom

Samsung Sued Over Recent Data Breaches

The 43-page complaint filed with the Federal District Court for the Northern District of California claims that Samsung unnecessarily collected user data and then stored and sold it without proper security protections, which led to two back-to-back data breaches. Click to read entire article.

T-Mobile $350 Million Data Breach Settlement: Are You Eligible for Money?

A cyberattack affected nearly 80 million T-Mobile customers last year. Click to read entire article.

Online Gambling (DDoS)

18 Hours of Disruption: How DDoS Attacks Plagued PokerStars’ High Profile WCOOP Series

PokerStars confirms recent interruption of the service were due to DDoS attacks but operator assures players’ funds are safe and services are back to normal. Click to read entire article.

Public Entity

Hackers Paralyze 911 Operations in Suffolk County, NY

A Sept. 8 ransomware attack on Suffolk County government systems in New York continues to wreak havoc on citizens of the area, driving overwhelmed 911 operators working without the aid of computers to call for backup. Click to read entire article.

Tech

Fitbit, Apple User Data Exposed in Breach Impacting 61M Fitness Tracker Records

An unsecured database containing over 61 million records related to fitness trackers and wearables exposed Apple and Fitbit users’ data online. Click to read entire article.

Legal Ruling Updates

Class-Action Suits Over Data Breaches No Longer Require Proof of Actual Harm, According to Federal Appeals Court Ruling

As ransomware attacks targeting the education sector grab more headlines every week, a new ruling from a federal appeals court has made it easier for people whose data is breached and leaked on the dark web to sue the organizations where the data was compromised. Click to read entire article.

Crypto

Wintermute Loses $160 Million in Hack

Cryptocurrency market maker disclosed the exploit on Twitter. Click to read entire article.

Asia Pacific

The Optus Customer Data Breach Could Lead to a Class Action Lawsuit. What Might That Look Like?

As the shockwaves from the massive Optus customer data breach ripple across Australia, there are already rumblings of a class action lawsuit. In Melbourne, law firm Slater and Gordon said on Tuesday it was investigating whether a deficiency in Optus’s management of data had led to the personal information of nearly 10 million current and former customers being leaked. Click to read entire article.


Vol. 249 – October 19, 2022

Download 2022 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

© 2022 NetDiligence All Rights Reserved.