We bring to your attention a sampling of recent media stories involving cyber risk and privacy liability. Among the stories we’re highlighting this month: Reddit Data Breach, Nearly 50 Million Americans Impacted by Health Data Breaches in 2022, Former Credit Suisse Employee Steals Salary Data, A Top LastPass Engineer’s Home PC Got Pwned by a Hacker’s Keylogger, and more.

Privacy/ Meta Pixel

Lawsuit Accuses Cedars-Sinai Hospital’s Website of Sharing Patient Data with Meta, Google

A lawsuit against Cedars-Sinai Health System and Cedars-Sinai Medical Center in Los Angeles claims the hospital shared patient data with third parties. “Cedars-Sinai transmitted to third parties portions of the patients’ private communications with it through pieces of tracking code that it embedded in its website, for the sole purpose of sharing such information with marketing entities,” the lawsuit reads. Click to read entire article.

2 Large Hospital Systems in Louisiana Being Sued for Allegedly Sharing Sensitive Patient Data with Facebook & Instagram

The class-action lawsuit filed by Herman Herman & Katz claims the two hospitals have been using a tracking code embedded in their websites that shares patient information without their knowledge or consent. The law firm says the computer code is known as Meta Pixel, and was created by the company that owns Facebook and Instagram; they say it collected, analyzed and shared medical data from hundreds of thousands of patients. Click to read entire article.

Healthcare

Nearly 50 Million Americans Impacted by Health Data Breaches in 2022

Nearly 50 million Americans were affected by data breaches involving health records in 2022. That’s the disturbing figure from a new analysis released by Critical Insight, a cybersecurity company. Click to read entire article.

Another Lawsuit Filed Against Connexin Software Over 2.2 Million-Record Data Breach

Connexin Software does business as Office Practicum and is a provider of electronic medical records and practice management software for pediatric practices. On August 26, 2022, Connexin discovered hackers had gained access to its systems and used ransomware to encrypt files. Click to read entire article.

$3 Million Settlement Proposed to Resolve 20/20 Eye Care Network Data Breach Lawsuit

iCare Acquisitions has proposed a $3 million settlement to resolve claims from individuals affected by a 2021 data breach that affected almost 3.3 million 20/20 Eye Care Network and 20/20 Hearing Care Network health plan members. Click to read entire article.

UMass Memorial Health Center Resolves Healthcare Data Breach Lawsuit With $1.2M Settlement

The proposed settlement will resolve allegations relating to a 2020 healthcare data breach at UMass Memorial Health Center that impacted patient PHI. Click to read entire article.

Healthcare Giant CHS Reports First Data Breach in GoAnywhere Hacks

Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer platform. The healthcare provider giant said that Fortra issued an alert saying that it had “experienced a security incident” leading to some CHS data being compromised. Click to read entire article.

Electromed Proposes $825,000 Class Action Data Breach Settlement

The medical device manufacturer Electromed has proposed a $850,000 settlement to resolve claims related to a June 2021 ransomware attack and data breach involving the protected health information of 47,200 individuals. Click to read entire article.

Tech

A Top LastPass Engineer’s Home PC Got Pwned by a Hacker’s Keylogger

Beleaguered password manager LastPass has announced yet another serious security screwup and, this time, it may be the final straw for some users. For months, the company has been periodically providing updates about a nasty data breach that occurred last August. Click to read entire article.

Tech / Automotive

Teijin Automotive Technologies Files Notice of Data Breach Affecting Over 25k Employees

On February 2, 2023, Teijin Automotive Technologies filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after learning that a recent ransomware attack compromised confidential information belonging to certain employees. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, dates of birth, Social Security numbers, health insurance policy information and banking information. Click to read entire article.

Higher Education

Xavier University of Louisiana Announces Data Breach Affecting 44,312 Individuals

On February 13, 2023, Xavier University of Louisiana (“XULA”) filed a notice of data breach with the Maine Attorney General after learning that the school was the recent target of a ransomware attack compromising personal information belonging to certain students. Click to read entire article.

Financial Services

Hatch Bank Discloses Data Breach After GoAnywhere MFT Hack

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company’s Fortra GoAnywhere MFT secure file-sharing platform. Click to read entire article.

Credit Suisse Breach Spills Personal Info of High-Net-Worth Clients

The Swiss bank is telling some top clients — customers who keep $50 million or more in the bank — that sensitive personal information including social security identification, employment information, and contact details has been compromised. Click to read entire article.

CompSource Mutual Insurance Company Reports Data Breach Affecting Thousands of Claimants

On February 14, 2023, CompSource Mutual Insurance Company filed a notice of data breach with the Texas Attorney General’s Office after determining that an unauthorized party accessed confidential consumer information stored on the company’s computer system. Click to read entire article.

Cole & Van Note Announces Westerra Credit Union Data Breach Investigation

Cole & Van Note, a leading consumer rights law firm, announces today its investigation of Westerra Credit Union on behalf of its consumers/clients, arising out the company’s recent data breach. According to the company, the private information of a massive number of people may have been stolen in the hacking of its information network. Click to read entire article.

Meriplex Communications Announces Data Breach Affecting Malaga Bank Customers

On February 10, 2023, Meriplex Communications filed notice of a data breach with several state attorney general offices after discovering that confidential consumer data stored on the company’s computer network was subject to unauthorized access. Click to read entire article.

Social Media

Reddit Data Breach Exposes Internal Docs, Source Code

Reddit has revealed it suffered a data breach that allowed hackers to breach the company’s internal business systems and steal documents and source code. The company said hackers conducted a phishing attack — involving a fake landing page — against its employees that aimed at stealing credentials and two-factor authentication tokens, reports Bleeping Computer. Click to read entire article.

Food & Beverage

Pepsi Bottling Ventures Discloses Data Breach

Pepsi Bottling Ventures, the largest privately-held bottler of Pepsi-Cola products in the United States, says data was stolen from its systems following a malware attack. The incident, Pepsi Bottling Ventures says, was discovered on January 10, but the investigation that was launched into the matter revealed that attackers gained access to the company’s network on December 23. The unauthorized access was blocked on January 19. Click to read entire article.

Casino

Crystal Bay Casino Notifies 86,291 Individuals of Recent Data Breach

On February 24, 2023, Crystal Bay Casino filed notice of a data breach with the attorney general offices in Maine, Montana and Massachusetts after learning that an unauthorized party accessed files on the company’s computer network containing confidential consumer information. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers and driver’s license numbers. Click to read entire article.

Public Entities

Oregon City Server Outage Caused by Ransomware, Officials Say

Public-facing services in Oregon City, Ore., were taken offline Feb. 6 after what officials are now calling a “sophisticated ransomware attack.” Click to read entire article.

EU/UK

WH Smith Discloses Cyber-Attack, Company Data Theft

British high street chain WH Smith has revealed earlier today it was hit by a cyber-attack that resulted in the theft of company data. Click to read entire article.

Asia Pacific

Former Credit Suisse Employee Steals Salary Data. Advice for Health Organizations on Data Breaches.

Global investment bank Credit Suisse has disclosed that a former staff member took personal employee data when departing the company. The India-based employee had legitimate access to the data at the time but left the bank in 2019. Click to read entire article.

Medibank Class Action Launched After Massive Hack Put Private Information of Millions on Dark Web

The law firm Baker McKenzie has launched a class action lawsuit against Medibank over the health insurer’s massive cyber attack last year that resulted in the personal details of up to 10 million customers being posted on the dark web. Click to read entire article.

Data Breaches Affecting Millions of Australians Are on the Rise, Information Commissioner Says

Millions of Australians’ personal details have been compromised by unpublicized data breaches – separate from the Optus and Medibank hacks – according to figures released by the national information watchdog on Wednesday. Click to read entire article.