Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack, Capita Faces Class Action Lawsuit After Data Breach, Atomic Wallet Heist: Hackers Utilize THORchain to Mask $35 Million Stolen Funds, and more.

Ransomware Corner

Onix Group Sued for Failing to Prevent Ransomware Attack and 320K-Record Data Breach

Onix Group, a Pennsylvania-based real estate development firm and provider of business management and consulting services, is being sued for failing to prevent a ransomware attack in which the hackers stole the protected health information of 320,000 individuals. Click to read entire article.

Harvard Pilgrim Health Care Ransomware Attack Hits 2.5 Million People

Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. Click to read entire article.

BlackCat Claims They Hacked Reddit and Will Leak the Data

Operators broke into Reddit on February 5, 2023, and took 80 gigabytes (zipped) of data. Reddit was emailed twice by operators, once on April 13 and again on June 16. Click to read entire article.

Technology

Microsoft Confirms Recent Service Outages Were DDoS Attacks, Offers Protection Tips

Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359. Click to read entire article.

Retail

Don Roberto Settles Data Breach Lawsuit

Don Roberto Jewelers, a 90-store chain based in San Clemente, Calif., has agreed to a $4 million settlement, following a 2021 data breach, which exposed the personal information of some 185,000 customers. Click to read entire article.

Snack Food

Snack Food Company Mondelez Warns Employees of Data Theft

Mondelez, the U.S. manufacturer of Oreo cookies and Milka chocolate, has warned employees that their personal data has been compromised through a breach at the law firm Bryan Cave, which provides legal services to Mondelez and other Fortune 500 companies. Click to read entire article.

Financial Services

FirstBank Puerto Rico Announces Data Breach After Cyberattack at MIAC

On June 8, 2023, Mortgage Industry Advisory Corporation (“MIAC”) filed a notice of data breach on behalf of FirstBank Puerto Rico after MIAC determined that a cyberattack targeting the company’s IT network resulted in FirstBank customer data being leaked. Click to read entire article.

Umpqua Bank Said It’s Part of Data Hack, No Proof Yet of Breach

Umpqua Bank is alerting its customers about a data breach. It said it involves the same hack that pulled data from Oregon’s Department of Transportation driver’s license database this month. The State of Oregon said 3.5-million Oregonians’ personal data could be hacked in a data breach of the state’s transportation department. The United States Department of Homeland Security is investigating the MOVEit hack as a Russian cyberattack. Click to read entire article.

Background Check

Creative Services Data Breach $1.2M Class Action Settlement

Creative Services Inc. (CSI) agreed to pay $1.2 million to resolve claims it failed to prevent a 2021 data breach that compromised sensitive employee and consumer information. Click to read entire article.

Healthcare

4 Health Systems Facing Lawsuits for Data Breaches

Several hospitals and health systems across the U.S. are facing lawsuits regarding data breach incidents that involved patients’ protected health information. Click to read entire article.

Apria Healthcare Hit with Class Action Over Data Breach Affecting 1.8M People

The 45-page lawsuit says that Apria, a provider of home medical equipment and services for sleep apnea, wound care and diabetes, announced in May 2023 that unauthorized third parties had accessed its network at various times between April 5 and May 7, 2019, and again between August 27 and October 10, 2021. Click to read entire article.

Legal Investigation Looks into PharMerica Data Breach: Was Your Info Exposed?

The pharmacy services provider recently announced that an unauthorized third party had gained access to its computer systems and obtained patients’ highly sensitive data – including their names, dates of birth, Social Security numbers, medication lists and health insurance information. Click to read entire article.

16,000 Vermont Health Insurance Customers Affected by Data Theft, More Than Previously Known

The cyberattack mostly impacted members of Vermont Blue Advantage, but other insurance plan holders were also affected. Click to read entire article.

Public Entity

The Washington Department of Licensing Agreed to Pay $3.6 Million to Resolve Claims That It Failed to Prevent a 2022 Data Breach

Plaintiffs in the data breach class action lawsuit claim that the Washington Department of Licensing could have prevented the security incident through reasonable cybersecurity measures but failed to do so out of negligence. The 2022 data breach compromised sensitive information such as licensing information, Social Security numbers, birth dates and ID numbers. Click to read entire article.

Thousands May Have Had Personal Info Exposed in January Cyberattack, DMPS says

Nearly 6,700 people may have had their personal information exposed in a January cyberattack against Des Moines Public Schools, the district said. Click to read entire article.

GOHSEP Announces Additional Safety Steps to Protect Against MOVEit Cyber Breach

The Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP) announced that additional information has been added to the website nextsteps.la.gov to help Louisianans better protect themselves against identity theft in light of a recent MOVEit cybersecurity breach in Louisiana as well as several other states and countries. Click to read entire article.

Higher Ed

UTMC Involved in Fortra Data Breach

The U.S. Department of Health and Human Services recently announced the discovery of a data breach involving cybersecurity company Fortra, which may have affected more than four million people worldwide. This attack specifically targeted medical data, including data at the University of Toledo Medical Center. Click to read entire article.

USG Says Data May Have Been Exposed in Breach

The University System of Georgia said cybercriminals likely had access to data stored in software that is used across the system, including at the University of Georgia. The breach is related to the MOVEit Secure File Transfer and Automation software, which USG and UGA use to store and transfer sensitive data, according to a statement from USG. The software’s creator, Progress Software, identified a defect in the program that may have exposed data. Click to read entire article.

Crypto

Atomic Wallet Heist: Hackers Utilize THORchain to Mask $35 Million Stolen Funds

In a shocking revelation, blockchain detective MistTrack has unveiled the masterminds behind the audacious $35 million theft from Atomic Wallet. The perpetrators, exhibiting unparalleled expertise in the field, cunningly employed the cross-chain liquidity protocol THORChain to obfuscate their illicit activities and launder the stolen funds. Click to read entire article.

Africa

Data Breach: Banks, Telcoms, Oil Firms To Lose 2% Revenue, Says FG

The Nigeria Data Protection Commission (NDPC) has disclosed that henceforth commercial banks, telecommunications companies, and other organizations will now lose two percent of their annual revenue to the federal government for any breach of their customers’ data, thegazellenews.com reports. Click to read entire article.

Asia Pacific

Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack

The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth. Click to read entire article.

Medibank’s Staff Details Stolen After Property Manager Faces Cyber Breach

Australia’s largest private health insurer Medibank Private said a file containing names and contact details of staff members had been compromised after its property manager faced a cybersecurity breach. Click to read entire article.

Japan’s Largest Port Stops Operations After Ransomware Attack

The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals. The port accounts for roughly 10% of Japan’s total trade volume. It operates 21 piers and 290 berths. It handles over two million containers and cargo tonnage of 165 million every year. Click to read entire article.

EU/UK

European Investment Bank Attacked, Hackers Claiming to “Impose Sanctions on EU”

The pro-Russian Killnet hackers group claimed on their Telegram to have targeted the inter-network infrastructure of the EIB. Click to read entire article.

Capita Faces Class Action Lawsuit After Data Breach

Barings Law has launched a lawsuit against Capita. Click to read entire article.

Pro-Russia Hacker Group Claims Major DDoS Attack on the Port of Rotterdam

The Port of Rotterdam, the largest seaport in Europe, reportedly suffered a major cyber attack that knocked off its official website for hours. Click to read entire article.

Hackers Warn University of Manchester Students of Imminent Data Leak

The ransomware operation behind a cyberattack on the University of Manchester has begun to email students, warning that their data will soon be leaked after an extortion demand was not paid. The threat actors claim to have stolen 7 TB of data from the University of Manchester during a June 6th cyberattack in an email sent to students and shared with BleepingComputer. Click to read entire article.


Vol. 258 – July 19, 2023

Download 2024 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

© 2024 NetDiligence All Rights Reserved.