We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Ransomware Group Files SEC Complaint, Chocolate Maker Hershey Breached in Phishing Attack, Iran-Linked Cyberattacks Threaten Equipment Used in U.S. Water Systems and Factories, Fraudsters Attack booking.com, and more.
Healthcare
Blue Shield of California Discloses Data Breach, Number of Members Impacted Unclear
Data on Blue Shield of California members may have been exposed due to a vulnerability in the MOVEit file transfer platform. Click to read entire article.
Medical Company’s Data Breach Affects Millions in NY. How You Can Prevent Identity Theft
About four million New Yorkers were affected by a medical transcription companies’ data breach earlier this year and New York Attorney General Letitia James is urging impacted individuals to take steps to protect themselves from potential identity theft. Perry Johnson & Associates, a Nevada-based company that provides transcription services to health care organizations and physicians for dictating and transcribing patient notes, became aware of a breach affecting their systems in May. Click to read entire article.
The Michigan Attorney General Announced That Corewell Health Suffered a Data Breach Affecting Michigan Residents
The names, dates of birth, email addresses, phone numbers, medical diagnoses, health insurance information and Social Security numbers for about one million Corewell Health patients were compromised in the breach. Click to read entire article.
State of Maine Reports 450,000-Record Data Breach
The State of Maine has confirmed that the protected health information of 453,894 individuals was stolen in the recent mass hacking of a zero-day vulnerability in Progress Software’s MoveIT Transfer solution. Click to read entire article.
Ransomware
Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach
Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers. Click to read entire article.
A Ransomware Gang Wanted Its Victim to Pay Up. So It Went to the SEC.
New disclosure rules potentially heighten risk for corporate victims of cybercrimes. Click to read entire article.
Financial Services
Dozens of Credit Unions Confront Outages Linked to Third-Party Ransomware Attack
About 60 credit unions are contending with outages due to a ransomware attack against Trellance, a third-party IT vendor for the industry, the National Credit Union Administration said Friday. Click to read entire article.
K-12 Education
Thousands of Louisiana Teachers and Students Had Their Information Leaked After Cyberattack, but Were Never Notified
Reporters informed victims that their Social Security numbers and other info was leaked after the district may have violated state breach notice law. Click to read entire article.
Manufacturer
Chocolate Maker Hershey Breached in Phishing Attack
Hershey, one of the world’s largest chocolate makers, is investigating a phishing attack during which malicious actors obtained a “limited number of Hershey email accounts,” together with sensitive personal information such as credentials and financial accounts. Click to read entire article.
National Infrastructure
Iran-Linked Cyberattacks Threaten Equipment Used in U.S. Water Systems and Factories
The cyberattacks have spanned multiple states, CISA said. While the equipment in question, “Unitronics Vision Series programmable logic controllers,” is predominately used in water and wastewater systems, companies in energy, food and beverage manufacturing, and healthcare are also under threat. Click to read entire article.
Retail
Staples Confirms System Outage Was Due to Cyber Attack, Raising the Possibility of a Data Breach
Earlier this week, Staples, Inc. confirmed that it was the recent victim of a cyberattack, requiring the company to shut down portions of its computer network. While Staples is still in the process of bringing its systems back online, it expects normal operations will resume shortly, at which point the company will then investigate whether any employee or customer data was affected. Click to read entire article.
Auto Industry
Berglund Management Group Notifies Over 50K People of Data Breach
A Roanoke-based car dealership has announced that a data breach has reportedly impacted over 50,000 people. Click to read entire article.
Public Entity
Port St. Lucie Police System Offline Due to Network Breach: Reports Delayed and Safety Measures Escalated
The Port St. Lucie Police Department (PSLPD) said since October 27, its computer-aided dispatch and report management system has been offline due to the network breach that recently occurred in St. Lucie County. Click to read entire article.
EU/UK
Fraudsters Attack Booking.com Customers After Hacking Hotels
Cybersecurity researchers have warned people about a new scam that is targeting Booking.com customers by posting advertisements on the Dark Web, asking for help finding victims. Hackers are targeting accommodation listed on the platform to impersonate staff members. Click to read entire article.
‘Thousands’ of Sales Still in Limbo After Cyber Attack at CTS Conveyancing Platform
The number of house sales hit by a ‘cyber incident’ at conveyancing tech firm CTS are in the thousands with one leading lender reporting 600 property purchases stuck in limbo following the attack last week. Click to read entire article.
Canada
Ontario Hospitals Hit by Class Action Following Cyberattack
Five Ontario hospitals and their IT service provider are facing a proposed class action lawsuit following a cyberattack that exposed sensitive patient records. Click to read entire article.
Asia Pac
Hackers Steal Ancestry, Health-Related Data From 23andMe
Genetic testing company 23andMe announced a recent data breach where hackers accessed around 14,000 customer accounts. The stolen data generally included ancestry information and health-related information based on genetics. The hackers also accessed a significant number of files containing profile information about other users’ ancestry through the DNA Relatives feature. Click to read entire article.
