Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: PayPal Data Breach Affects Thousands of Users, North Korea-Linked Hackers Behind $100 Million Crypto Heist, GoTo Says Hackers Stole Customers’ Backups and Encryption Key, FanDuel Impacted by MailChimp Data Breach, and more.

Ransomware Corner

Alum Sues Knox College over Data Breach from Ransomware Attack

A Knox College graduate filed a class action lawsuit over a data breach at the college following a ransomware attack. The lawsuit filed Friday, Jan. 20 in the U.S. District Court for the Central District of Illinois accuses Knox of failing to follow up-to-date security practices. Click to read entire article.

One Brooklyn Confirms Cyberattack, BlackCat Ransomware Claims Attack on NextGen

One Brooklyn Health (OBH) confirmed that its systems were subject to unauthorized access beginning in July 2022. In December, local news outlets began reporting outages and delays at One Brooklyn, a health system that operates the Brookdale Hospital Medical Center, Interfaith Medical Center and Kingsbrook Jewish Medical Center. Click to read entire article.

CommonSpirit Facing 2 Proposed Class Actions Post-Breach

Lawsuits: hospital chain failed to protect data in ransomware compromise. Click to read entire article.

Riot Games Receives Ransom Demand from Hackers, Refuses to Pay

Riot Games says it will not pay a $10 million ransom demanded by attackers who stole League of Legends source code in recent security breach. Click to read entire article.

Rundle Eye Care Notifies Patients of Data Breach

At some time before or in early October, the Everest Ransom Team hacked Rundle Eye Care in California. On January 11, Drs. Keith and Herman Rundle notified patients and the California Attorney General’s Office about the incident. Click to read entire article.

Healthcare

Insulet Alerts 29,000 Omnipod Dash Insulin Pump Users to Data Breach Linked to Recall

Insulet has issued an alert for a data breach that may have compromised the health data of thousands of users of its Omnipod Dash insulin pumps. The devicemaker notified affected users and filed a report of the breach with the U.S. Department of Health and Human Services on Jan. 5. According to the HHS’ database, the cybersecurity incident spans around 29,000 Omnipod Dash users. Click to read entire article.

Logan Health Proposes $4.3 Million Settlement to Resolve Class Action Data Breach Lawsuit

Logan Health has agreed to settle a class action lawsuit related to a 2021 hacking incident that exposed the protected health information of 213,543 individuals. Under the terms of the settlement, Logan Health has agreed to create a fund of $4.3 million to cover claims from individuals affected by the breach. Click to read entire article.

Sturdy in Attleboro Settles Lawsuit over Security Breach, Published Report Says

Sturdy Memorial Hospital has settled a lawsuit stemming from a ransomware attack in February 2021. Sturdy has agreed to settle the class action lawsuit filed by patients whose health information was stolen in the cyberattack. Click to read entire article.

Satellite Healthcare Files Official Notice of Data Breach

On January 20, 2023, Satellite Healthcare filed notice of a data breach with the Texas Attorney General after learning that an unauthorized party was able to access—and potentially steal—confidential patient information that had been entrusted to the company. Click to read entire article.

Retail

Hanes Class Action Alleges Data Breach Exposed Sensitive Customer Data

A former Hanes employee is suing the clothing retailer, alleging she and other employees’ private information was stolen by cybercriminals due to the company’s negligence with cybersecurity. Plaintiff Veronica Roman filed the class action lawsuit against Hanes brands Inc. on Jan. 16 in a California federal court, alleging negligence. Click to read entire article.

Energy

Nunavut Energy Corporation Gets Breached by Cyberattack

The computer systems of Qulliq Energy Corporation (QEC), Nunavut’s power utility company, remain down after a cyberattack was confirmed earlier this week. In a release, QEC additionally warned customers to monitor their bank accounts and credit cards for any suspicious activity. Click to read entire article.

Pixel Privacy Liability

‘Pixel’ Data Breach May Affect 134,000 at Wisconsin Clinic that Gets Epic EHR Access through Advocate Aurora Health

Green Bay-based BayCare Clinic recently started notifying the patients that data such as names, appointment information and electronic health messages may have been inadvertently shared with Google or Facebook after Advocate Aurora Health had used “pixel” ad-tracking technology on its Epic patient portal, MyChart, and LiveWell app and website. Click to read entire article.

Financial Services

PayPal Data Breach Affects Thousands of Users

PayPal has notified its users of a data breach the e-commerce company says it suffered as a result of a credential stuffing attack that it says exposed some personal data of nearly 35,000 users. Click to read entire article.

Cole & Van Note Announces Bank of Eastern Oregon Data Breach Investigation

Cole & Van Note, a leading consumer rights law firm, announces its investigation of Bank of Eastern Oregon on behalf of its consumers/clients, arising out of the company’s recent data breach. According to the company, the private information of a massive number of people may have been stolen in the hacking of its information network. It is currently unknown how many people have had their information used for criminal purposes. Click to read entire article.

Members Trust of the Southwest Federal Credit Union Announces Data Breach Affecting Customers’ SSNs and Financial Account Information

On January 20, 2023, Members Trust of the Southwest Federal Credit Union filed notice of a data breach with the Attorney General of Texas after confirming that the confidential information of some bank customers was accessible by an unauthorized party. Click to read entire article.

Technology

GoTo Says Hackers Stole Customers’ Backups and Encryption Key

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. Click to read entire article.

Neopets Faces a Possible Class Action Lawsuit over the Last Year with a Massive User Data Breach

Neopets isn’t getting much coverage of MOP as it made headlines for all the wrong reasons last year when over 69 million users were impacted by a personal data breach. The hacker accessed the data between January and July of 2022, where he downloaded the user details, such as name, email address, password and more, and attempted to sell the data for a sum of $100K worth of Bitcoin. Click to read entire article.

Gaming

FanDuel Impacted by MailChimp Data Breach

Online gambling firm FanDuel had its customers’ names and email addresses compromised during the MailChimp data breach this month, according to BleepingComputer. Click to read entire article.

Crypto

North Korea-Linked Hackers Behind $100 Million Crypto Heist, FBI Says

North Korean-linked actors were behind the theft of $100 million through the hack of a crypto product last year, the Federal Bureau of Investigation said. Click to read entire article.

Asia Pacific

DNA Exclusive: MEA E-mail Server Hacked – Biggest Ever Cyber-Attack in India

In today’s DNA, Zee News’ Rohit Ranjan makes an analysis of the biggest cyber-attack on national security. Click to read entire article.


Vol. 253 – February 15, 2023

Download 2024 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

© 2024 NetDiligence All Rights Reserved.