We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: LoanDepot Says 16.9 Million Customers Impacted, Xfinity-Comcast Customers Eligibility for Compensation Following Recent Data Breach, Significant Data Breach at Los Angeles International Airport, and more.

Financial Services

LoanDepot Says 16.9 Million Customers Impacted by January Data Breach

LoanDepot said Feb. 23 that a data breach that impacted the company in January affected 16.9 million customers. In the breach that occurred Jan. 3 through Jan. 5, hackers acquired names or other personal identifiers in combination with Social Security numbers, the financial services company said in a filing with the Office of the Maine Attorney General. Click to read entire article.

Webster Bank, Guardian Analytics Data Breach $1.4M Class Action Settlement

Webster Bank, Guardian Analytics and Actimize have agreed to a class action lawsuit settlement to resolve claims that they failed to protect customers’ personally identifiable information (PII) during a data breach in which an unauthorized third party gained access to Guardian’s systems. Click to read entire article.

Fairway Independent Mortgage Corporation Confirms Data Breach Following “Operational Incident” Involving Third-Party Vendo

On February 2, 2024, Fairway Independent Mortgage Corporation (“Fairway”) filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized user had accessed a third-party system utilized by Fairway. In this notice, Fairway explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security number, dates of birth, addresses, bank account information and credit card account numbers. Click to read entire article.

Crossroads Equipment Lease & Finance

Crossroads Equipment Lease & Finance was targeted in a ransomware attack on April 1, 2023, which encrypted its computer systems and prevented access to important digital data. The breach disrupted the company’s ability to complete ACH payments and other crucial business operations. Click to read entire article.

Shipping

67,000 U-Haul Customers Impacted by Data Breach

U-Haul says customer information was compromised in a data breach involving a reservation tracking system. The incident, the company says, was identified in early December 2023 and involved unauthorized access to a system that allows U-Haul Dealers and Team Members to track reservations and view customer records. Click to read entire article.

Healthcare

Outages From Cyberattack at Unitedhealth’s Change Healthcare Extend to Seventh Day as Pharmacies Deploy Workarounds

Change Healthcare’s systems are down for the seventh straight day after a cyber threat actor gained access to its network last week. Parent company UnitedHealth Group said most U.S. pharmacies have set up electronic workarounds to mitigate the impact. Click to read entire article.

medQ Confirms Data Breach After Software Encryption Incident

On February 23, 2024, medQ, Inc. filed a notice of data breach with the Attorney General of Maine after discovering that hackers accessed and encrypted a software platform used by medQ. In this notice, medQ explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, driver’s license numbers, dates of birth, health information, diagnoses, lab results, medications, treatment information, and health insurance and claims information. Click to read entire article.

Technology

Xfinity-Comcast Customers Eligibility for Compensation Following Recent Data Breach (NASDAQ: CMCSA)

Xfinity/Comcast (NASDAQ:CMCSA) recently suffered a massive data breach affecting more than 35.8 million Xfinity customers. Personal information such as usernames and hashed passwords, names, contact information, partial social security numbers, dates of birth and secret questions and answers for some of its customers have been compromised. Click to read entire article.

Wyze Data Breach Allowed 13,000 Customers to View Other People’s Homes

The number of consumers impacted by a Wyze data breach has ballooned to 13,000, days after the wireless camera company’s CEO said the company identified 14 people who were able to briefly see into homes not belonging to them. Click to read entire article.

Retail

Golden Corral Data Breach Lawsuit Says Unauthorized Party Stole Consumers’ Private Info

Golden Corral faces a proposed class action lawsuit that alleges lax cybersecurity on the part of the buffet-style restaurant chain is to blame for a significant August 2023 data breach. According to the case, filed by a former Golden Corral employee, consumers’ names, mailing and email addresses, phone numbers, dates of birth, Social Security numbers and other sensitive details were potentially accessed by those responsible for the cyberattack. Click to read entire article.

Walmart Spark Delivery Drivers Face Security Breach: Personal Data Exposed

Walmart faces a significant security breach impacting Spark delivery drivers, leading to unauthorized access to sensitive information. Learn about the immediate response, challenges with app security, and the focus on enhancing security measures and supporting affected drivers. Click to read entire article.

Real Estate

Real Estate Co. Resolves Employee, Tenant Data Breach Suit

Property manager and redeveloper Centerspace LP has settled a putative class action accusing the company of violating state law by waiting nearly eight months to notify the more than 8,000 victims. Click to read entire article.

Education (Online Learning)

EdisonLearning Breach in 2023 Subject of Class-Action Inquiry as Official Notification is Posted

Attorneys working with ClassAction.org are “investigating whether a class-action lawsuit can be filed” against EdisonLearning on behalf of individuals whose name and Social Security number were among files stolen during a ransomware attack in early March 2023. Click to read entire article.

Air Travel

Significant Data Breach at Los Angeles International Airport Admitted by IntelBroker

The Los Angeles International Airport had a database containing 2.5 million records exposed by IntelBroker following a cyberattack against one of its customer relationship management systems conducted this month, reports Hackread. Click to read entire article.

Canada

Canada’s RCMP, Global Affairs Hit by Cyberattacks

The RCMP did not share details on the nature and extent of the attack, saying that it was working with partner Canadian government agencies “to continue assessing the breadth and scope of the security breach and hold those responsible accountable.” Click to read entire article.

Asia

Kobe Residents Sue City Over Privacy Breach in SDF Recruitment Data Sharing

In a bold assertion of their right to privacy, six Kobe residents have turned to the legal system, challenging what they perceive as an overstep by their city administration. At the heart of their grievance is an incident that unfolded quietly but has since sparked public outcry and a broader conversation about privacy rights in Japan. Click to read entire article.