We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Top Insurance Journal Cyber Stories of 2023, Xfinity Hack Affects Nearly 36 Million Customers, State Workers Can Bring Data Breach Class Action, and more.
Ransomware Corner
The INC RANSOM Ransomware Group Claims to Have Hacked the American Multinational Corporation Xerox Corp
The INC RANSOM ransomware group claims responsibility for hacking the American multinational corporation Xerox Corp and threatens to disclose the alleged stolen data. Click to read entire article.
Financial Services
US Lender Exposes 14,000,000 Social Security Numbers, Bank Account Numbers and Other Sensitive Information in Massive Data Breach
One of the largest mortgage lenders in the country just suffered a massive security breach that enabled hackers to access the personal information of millions of customers. In a filing with the Office of the Maine Attorney General, the home loan services company Mr. Cooper reveals that bad actors stole sensitive information belonging to 14,690,284 Americans during a cyberattack in late October. Click to read entire article.
First American Financial Confirms Threat Actors Stole and Encrypted Data
The title insurance giant said the cyberattack is contained, but it is still working to determine whether the incident will have a material impact. First American Financial said the threat actors behind a previously disclosed Dec. 20 cyberattack accessed and stole non-production systems company data, which was later encrypted, according to an amended 8-K filing on Friday with the Securities and Exchange Commission. Click to read entire article.
Tech
Xfinity Hack Affects Nearly 36 Million Customers. Here’s What to Know.
A security breach at Comcast-owned Xfinity has exposed the personal data of nearly all the internet provider’s customers, including account usernames, passwords and answers to their security questions. Comcast said in a filing with Maine’s attorney general’s office that the hack affected 35.8 million people, with the media and technology giant notifying customers of the attack through its website and by email, the company said Monday. The intrusion stems from a vulnerability in software from cloud computing company Citrix, according to Comcast. Click to read entire article.
EasyPark Data Breach May Affect Millions of Customers
EasyPark has confirmed it was hit in a cyberattack that saw customer data breached and revealed online. The company, which runs apps to help people find parking spots, said in an alert to customers that it discovered the breach on December 10, 2023. Click to read entire article.
EMS
Fallon Ambulance Service Data Breach Impacts 911K Individuals
The now-defunct ambulance service suffered a data breach when a threat actor accessed its data storage archive. Fallon Ambulance Service, a medical transportation company that served the greater Boston area, reported a data breach that impacted more than 911,000 individuals. Fallon was a subsidiary of Transformative Healthcare until December 2022, when it ceased operations. Click to read entire article.
Healthcare
Cyberattack on Massachusetts Hospital Disrupted Records System, Emergency Services
The string of damaging cyberattacks against U.S. healthcare facilities continued this week as an incident knocked out the electronic health records system at a Massachusetts hospital and caused the facility to turn away ambulances on Christmas Day. Click to read entire article.
ESO Solutions Faces Class Action Lawsuit Allegations in Wake of Data Breach
ESO Solutions is facing a pair of class action lawsuits in federal court in Austin, Texas, claiming the company did not properly protect the health information and personal identifying information (PII) of customers. Around Sept. 17, nearly 2.7 million individuals had their data accessed in the ESO data breach. Click to read entire article.
Akumin Corp. Faces Class Action After Data Breach Allegedly Compromises Health Info
Plaintiff Fred Baker claims data security failures on behalf of Akumin allowed hackers to access personally identifiable information and protected health information stored on the company’s network. Baker argues Akumin ultimately failed to properly safeguard, secure and adequately destroy consumers’ “sensitive personal identifiable information that it had acquired and stored for its business purposes.” Click to read entire article.
Pan-American Life Insurance Group Reports 105,000-Record Data Breach
Pan-American Life Insurance Group, Inc. (PALIG) has recently confirmed that it was one of the victims of the Clop hacking group, which exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer solution in late May 2023. Click to read entire article.
Welltok Announces Data Breach That May Affect CHI Memorial Patients
Welltok, Inc. shared a data breach notice that may affect some people’s private information, including CHI Memorial patients. Welltok is a company that provides a healthcare consumer platform. The company’s website says Welltok helps employers and providers connect users with personalized health improvement resources. Click to read entire article.
Class-Action Lawsuit Filed Against Integris Health Following Data Breach
The class-action lawsuit claimed Integris Health did not notify its patients of the breach until extortion emails were sent out by cybercriminals. Click to read entire article.
Cyber Insurance
Top Insurance Journal Cyber Stories of 2023
Data breaches, lawsuits, and ongoing conversations about cyber war exclusions gave Insurance Journal readers much to talk about regarding cyber insurance in 2023. Click to read entire article.
Public Entities
State Workers Can Bring Data Breach Class Action
State employees alleging that their personal information was misused after a data breach at the Rhode Island Public Transit Authority had standing to bring a class action against the agency, a Providence Superior Court judge has ruled. Hackers stole the Social Security numbers, Medicare identification numbers, and other personal information of several thousand current and former state workers in August 2021, when they gained access to RIPTA’s computer system. Click to read entire article.
Amusement Parks
CBS, Paramount-Parent National Amusements Reports Hack Affecting Over 80,000 People
National Amusements, the parent company of CBS and Paramount, disclosed a year-old hack this month that affected 82,128 individuals. TechCrunch initially reported on the breach, revealed in a legal filing with Maine’s Attorney General under a 2005 state digital privacy law. National Amusements has not made any public comment on the breach beyond the legal filing, leaving it unclear whether customer or strictly employee data was stolen. Click to read entire article.
Genealogy
23andMe Hack: The Legal Fallout From the Breach and What It Means in PA
In October of 2023, a hacker claimed online that they had 23andMe users’ profile information. We know this as a result of 23andMe’s required statement to the U.S. Securities and Exchange Commission (SEC) on December 1, 2023. Although only a very small amount of accounts are believed to have been fully accessed at this time (roughly 0.01% of accounts), millions of peoples’ profile information about their ancestry has been compromised. 23andMe estimates that roughly 5.5 million “DNA Relatives” profile files were accessed, and 1.4 million users had their DNA Relatives feature accessed. Click to read entire article.
Canada
Theft of Vancouver Rape Crisis Centre Server Containing Sensitive Data Raises Privacy Concerns
Cybersecurity experts are warning of “significant” data privacy risks after a Vancouver rape crisis centre told clients and donors a computer server containing their sensitive personal information and banking details was stolen from its office last month. Click to read entire article.
