We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers Hold City of Augusta Hostage, Nearly 60% of Firms Have Experienced a GDPR-Related Data Breach, Capita Hack: 90 Organizations Report Data Breaches to Watchdog, Ransomware Gangs Claim Three Healthcare Victims, and more.

Ransomware Corner

Nearly 9 Million People Affected by Data Breach From Cyberattack on Dental Insurer

A ransomware attack on a major dental insurance provider leaked the personal information of nearly nine million people across the United States, according to documents filed with state regulators. Managed Care of North America (MCNA) is the largest dental insurer in the nation for government-sponsored Medicaid and Children’s Health Insurance Programs. Click to read entire article.

Hackers Hold City of Augusta Hostage in a Ransomware Attack

The ransomware group has released 10GB of sample data from the cyberattack on the US city of Augusta and claimed they have a lot more data available. Click to read entire article.

Ransomware Gangs Claim Three Healthcare Victims

Two ransomware groups – BianLian and RansomHouse – added Albany ENT & Allergy Services (AENT) to their data leak sites, along with claims that 1TB of data was stolen from its network before files were encrypted. Click to read entire article.

Retail

Sports Warehouse to Pay $300,000 for Data Breach

Sports Warehouse, which owns the online sporting goods websites Tennis Warehouse, Running Warehouse, Skate Warehouse and Tackle Warehouse, will have to pay $300,000 in penalties to the State of New York and strengthen its cybersecurity measures after being found liable for failing to protect the personal data of 2.5 million consumers according to a statement from New York’s Office of the Attorney General (OAG). Click to read entire article.

Albertsons Companies Facing Class Action Over ‘Preventable’ 2022 Employee Data Breach

The 55-page lawsuit contends that the breach, during which an unauthorized actor gained access to files containing employees’ personal information over the course of at least three days, was a direct result of the grocery store operator’s failure to implement reasonable cybersecurity measures. Click to read entire article.

Public Entity

Attorney General James Recoups $550,000 From Erie County Medical Management Company for Failing to Protect Patients’ Data

Practicefirst’s failure to make a timely software update made their networks susceptible to a cyberattack, which affected more than 1.2 million individuals nationwide, including over 428,000 New Yorkers. Click to read entire article.

Non-Profit

Metropolitan Opera Data Breach Compromised Personal Info of 45,000 Employees and Patrons, Lawsuit Says

Former Met employee Anthony Viti, the lead plaintiff in a class action lawsuit filed last week, claims that his Social Security number, his driver’s license number, his date of birth, and financial account information were all accessed by hackers. Click to read entire article.

Healthcare

EyeMed Pays Four State AGs $2.5M for Data Breach

EyeMed Vision Care, LLC has agreed to settle allegations lodged against it by four state Attorneys General for $2.5 million stemming from a data breach that occurred in 2020 and affected 2.1 million people. The settlement is with the AGs of Florida, New Jersey, Oregon, and Pennsylvania. Click to read entire article.

Lehigh Valley Health Network Seeks Dismissal of Data Breach Suit

Attorneys for Lehigh Valley Health Network argue a class-action lawsuit related to a data breach should be dismissed because the plaintiff failed to present sufficient evidence to show the hospital was negligent. Click to read entire article.

Higher Education

Suffolk University Notifies Over 53k Students of 2022 Data Breach Involving Their SSNs

Suffolk University recently filed a notice of data breach with the Attorney General of Maine after learning that a cybersecurity event resulted in confidential student information being accessed or obtained by an unauthorized party. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to students’ names and Social Security numbers. Click to read entire article.

Compliance – GDPR

Nearly 60% of Firms Have Experienced a GDPR-Related Data Breach in the Past Five Years

This week marks the five year anniversary of the EU’s General Data Protection Regulation (GDPR), but new data published by iResearch Services reveals that the regulation has been unsuccessful in preventing data breaches. Click to read entire article.

Africa

Patricia Suffers Massive Losses in Crypto Assets After Security Breach

Patricia, one of Nigeria’s leading crypto marketplaces, has experienced a severe security breach that compromised its financial assets. The incident has prompted the company to take urgent steps to safeguard its user base and enhance its security framework. Click to read entire article.

EU/UK

Capita Hack: 90 Organizations Report Data Breaches to Watchdog

Around 90 organizations have reported breaches of personal data held by Capita, the outsourcing giant, according to a privacy watchdog. The company suffered a cyber attack in March 2023 and it then emerged that Capita had left a pool of data unsecured online. Click to read entire article.