We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: PayPal Data Breach Affects Thousands of Users, North Korea-Linked Hackers Behind $100 Million Crypto Heist, GoTo Says Hackers Stole Customers’ Backups and Encryption Key, FanDuel Impacted by MailChimp Data Breach, and more.
Ransomware Corner
Alum Sues Knox College over Data Breach from Ransomware Attack
A Knox College graduate filed a class action lawsuit over a data breach at the college following a ransomware attack. The lawsuit filed Friday, Jan. 20 in the U.S. District Court for the Central District of Illinois accuses Knox of failing to follow up-to-date security practices. Click to read entire article.
One Brooklyn Confirms Cyberattack, BlackCat Ransomware Claims Attack on NextGen
One Brooklyn Health (OBH) confirmed that its systems were subject to unauthorized access beginning in July 2022. In December, local news outlets began reporting outages and delays at One Brooklyn, a health system that operates the Brookdale Hospital Medical Center, Interfaith Medical Center and Kingsbrook Jewish Medical Center. Click to read entire article.
CommonSpirit Facing 2 Proposed Class Actions Post-Breach
Lawsuits: hospital chain failed to protect data in ransomware compromise. Click to read entire article.
Riot Games Receives Ransom Demand from Hackers, Refuses to Pay
Riot Games says it will not pay a $10 million ransom demanded by attackers who stole League of Legends source code in recent security breach. Click to read entire article.
Rundle Eye Care Notifies Patients of Data Breach
At some time before or in early October, the Everest Ransom Team hacked Rundle Eye Care in California. On January 11, Drs. Keith and Herman Rundle notified patients and the California Attorney General’s Office about the incident. Click to read entire article.
Healthcare
Insulet Alerts 29,000 Omnipod Dash Insulin Pump Users to Data Breach Linked to Recall
Insulet has issued an alert for a data breach that may have compromised the health data of thousands of users of its Omnipod Dash insulin pumps. The devicemaker notified affected users and filed a report of the breach with the U.S. Department of Health and Human Services on Jan. 5. According to the HHS’ database, the cybersecurity incident spans around 29,000 Omnipod Dash users. Click to read entire article.
Logan Health Proposes $4.3 Million Settlement to Resolve Class Action Data Breach Lawsuit
Logan Health has agreed to settle a class action lawsuit related to a 2021 hacking incident that exposed the protected health information of 213,543 individuals. Under the terms of the settlement, Logan Health has agreed to create a fund of $4.3 million to cover claims from individuals affected by the breach. Click to read entire article.
Sturdy in Attleboro Settles Lawsuit over Security Breach, Published Report Says
Sturdy Memorial Hospital has settled a lawsuit stemming from a ransomware attack in February 2021. Sturdy has agreed to settle the class action lawsuit filed by patients whose health information was stolen in the cyberattack. Click to read entire article.
Satellite Healthcare Files Official Notice of Data Breach
On January 20, 2023, Satellite Healthcare filed notice of a data breach with the Texas Attorney General after learning that an unauthorized party was able to access—and potentially steal—confidential patient information that had been entrusted to the company. Click to read entire article.
Retail
Hanes Class Action Alleges Data Breach Exposed Sensitive Customer Data
A former Hanes employee is suing the clothing retailer, alleging she and other employees’ private information was stolen by cybercriminals due to the company’s negligence with cybersecurity. Plaintiff Veronica Roman filed the class action lawsuit against Hanes brands Inc. on Jan. 16 in a California federal court, alleging negligence. Click to read entire article.
Energy
Nunavut Energy Corporation Gets Breached by Cyberattack
The computer systems of Qulliq Energy Corporation (QEC), Nunavut’s power utility company, remain down after a cyberattack was confirmed earlier this week. In a release, QEC additionally warned customers to monitor their bank accounts and credit cards for any suspicious activity. Click to read entire article.
Pixel Privacy Liability
‘Pixel’ Data Breach May Affect 134,000 at Wisconsin Clinic that Gets Epic EHR Access through Advocate Aurora Health
Green Bay-based BayCare Clinic recently started notifying the patients that data such as names, appointment information and electronic health messages may have been inadvertently shared with Google or Facebook after Advocate Aurora Health had used “pixel” ad-tracking technology on its Epic patient portal, MyChart, and LiveWell app and website. Click to read entire article.
Financial Services
PayPal Data Breach Affects Thousands of Users
PayPal has notified its users of a data breach the e-commerce company says it suffered as a result of a credential stuffing attack that it says exposed some personal data of nearly 35,000 users. Click to read entire article.
Cole & Van Note Announces Bank of Eastern Oregon Data Breach Investigation
Cole & Van Note, a leading consumer rights law firm, announces its investigation of Bank of Eastern Oregon on behalf of its consumers/clients, arising out of the company’s recent data breach. According to the company, the private information of a massive number of people may have been stolen in the hacking of its information network. It is currently unknown how many people have had their information used for criminal purposes. Click to read entire article.
Members Trust of the Southwest Federal Credit Union Announces Data Breach Affecting Customers’ SSNs and Financial Account Information
On January 20, 2023, Members Trust of the Southwest Federal Credit Union filed notice of a data breach with the Attorney General of Texas after confirming that the confidential information of some bank customers was accessible by an unauthorized party. Click to read entire article.
Technology
GoTo Says Hackers Stole Customers’ Backups and Encryption Key
GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. Click to read entire article.
Neopets Faces a Possible Class Action Lawsuit over the Last Year with a Massive User Data Breach
Neopets isn’t getting much coverage of MOP as it made headlines for all the wrong reasons last year when over 69 million users were impacted by a personal data breach. The hacker accessed the data between January and July of 2022, where he downloaded the user details, such as name, email address, password and more, and attempted to sell the data for a sum of $100K worth of Bitcoin. Click to read entire article.
Gaming
FanDuel Impacted by MailChimp Data Breach
Online gambling firm FanDuel had its customers’ names and email addresses compromised during the MailChimp data breach this month, according to BleepingComputer. Click to read entire article.
Crypto
North Korea-Linked Hackers Behind $100 Million Crypto Heist, FBI Says
North Korean-linked actors were behind the theft of $100 million through the hack of a crypto product last year, the Federal Bureau of Investigation said. Click to read entire article.
Asia Pacific
DNA Exclusive: MEA E-mail Server Hacked – Biggest Ever Cyber-Attack in India
In today’s DNA, Zee News’ Rohit Ranjan makes an analysis of the biggest cyber-attack on national security. Click to read entire article.
