Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Law Firm Data Breaches Surge, CISA Appoints First Chief AI Officer, 5 Devious Ways Malware Can Sneak Past Your PC’s Antivirus, and more.

Recent Cyber Incidents

$2.9 Billion Hit in One of the Largest Data Breaches Ever — Full Names, Addresses, and SSNs Exposed

Regardless of how careful you are online, your personal data can still end up in the hands of hackers—and a new data breach that exposed the data of 2.9 billion people is the perfect example of this. Click to read entire article.

Data Breaches

Law Firm Data Breaches Surge

In 2023, cybercriminals appear to be successfully hitting small and large firms alike. Click to read entire article.

Biglaw Firms Fall Prey to Cyberattacks, With Data Breaches on the Rise

Biglaw firms — and law firms, generally — continue to find themselves the victims of cyberattacks, and we’re currently on pace for 2024 to be the worst year yet for law firm data breaches. Click to read entire article.

Ransomware

Dark Angels Ransomware Receives Record-Breaking $75 Million Ransom

A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. Click to read entire article.

Healthcare

4.3 Million Americans Exposed in Massive Health Account Data Breach

Roughly 4.3 million HealthEquity customers’ personal information is at risk after hackers accessed social security numbers and health information that could result in identity theft. Click to read entire article.

Cost of a Data Breach: The Healthcare Industry

A new report by IBM and the Ponemon Institute, the 2024 Cost of Data Breach Study, details the financial impacts of attacks across multiple industries. Click to read entire article.

Evolving Threats

Users Are Getting Malware Instead of Software Updates in ISP Breach

A sophisticated Chinese cyber-espionage group, known as Evasive Panda or StormBamboo, successfully compromised an undisclosed internet service provider (ISP) to poison software updates to its users. Click to read entire article.

Ransomware Gang Targets IT Workers with New RAT Masquerading as IP Scanner

Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan (RAT). Click to read entire article.

Financial

Federman & Sherwood Investigates First Commonwealth Federal Credit Union for Data Breach

The law firm of Federman & Sherwood has initiated an investigation into First Commonwealth Federal Credit Union (“First Commonwealth”) with respect to their recent data breach. Click to read entire article.

Practical Tips And Tricks

Best Practices for Handling a Data Breach

A former employee filed a class-action lawsuit against Panera, following a data breach earlier this year. What can operators learn from this experience? Click to read entire article.

8 CX Lessons from the Microsoft/CrowdStrike Outage

The CrowdStrike/Microsoft outage in July significantly affected several businesses. Discover how it affected customer experience and tips on how CX leaders can prepare for such incidents. Click to read entire article.

5 Devious Ways Malware Can Sneak Past Your PC’s Antivirus

Protect yourself against the trickery of a well-forged e-mail. Click to read entire article.

Privacy

Meta Agrees to $1.4 Billion Settlement with Texas in Privacy Lawsuit Over Facial Recognition

Officials said Tuesday that Meta has agreed to a $1.4 billion settlement with Texas in a privacy lawsuit over allegations that the tech giant used users’ biometric data without their permission. Click to read entire article.

Public Entities

Defense Expert Warns Cyber Threats Against Critical National Infrastructure Are Evolving

Cyber threats against critical national infrastructure (CNI) are evolving and the people responsible for ensuring these assets’ security must develop greater awareness, a defence expert has warned. Click to read entire article.

A New Plan to Break the Cycle of Destructive Critical Infrastructure Hacks

As digital threats against US water, food, health care, and other vital sectors loom large, a new project called UnDisruptable27 aims to help fix cybersecurity weaknesses where other efforts have failed. Click to read entire article.

Regulatory

United States: SolarWinds Landmark Ruling — Amid Defense Victories, Questions Remain on Individual Liability and Material Misstatements of Fact

In a landmark decision on July 18, 2024, Judge Paul Engelmayer of the Southern District of New York dismissed most charges in the SEC’s enforcement action against SolarWinds and its CISO, Timothy Brown. Click to read entire article.

CISA and JCDC Conduct First-Ever Public-Private AI Security Incident Tabletop Exercise

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) collaborated with the Joint Cyber Defense Collaborative (JCDC) to hold the federal government’s first tabletop exercise for AI security incidents. Click to read entire article.

CISA Appoints First Chief AI Officer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken a pioneering step in the realm of artificial intelligence and cybersecurity by appointing its first Chief Artificial Intelligence Officer, Lisa Einstein. This move, announced on August 1, 2024, underscores the growing importance of AI in national security and sets a precedent that other organizations may soon follow. Click to read entire article.

DOJ Enforcing False Claims Act for Cybersecurity Non-Compliance

The U.S. False Claims Act (FCA), traditionally associated with combating fraud in government contracts and programs, is increasingly being applied to cybersecurity non-compliance. The shift highlights the growing importance of robust cybersecurity practices for organizations, especially those engaged in federal contracts. The implications for whistleblowers and prosecutors from the U.S. Department of Justice (DOJ) are significant, with recent cases underscoring this trend. Click to read entire article.

Telecom

Half of Workers in Critical Industry Hit by Cyberattacks — IoT Is to Blame, Says Verizon

More than half of workers in critical industrial sectors have experienced “severe security incidents” that have led to data loss or system downtime, and industrial IoT devices have been blamed. Click to read entire article.

UK

UK Data Breach Costs Climb to £3.58 Million, Financial Sector Hit Hard

The average cost of a data breach in the UK rose to £3.58 million between March 2023 and February 2024, marking a 5% increase from the previous year and reversing a previous decline. Click to read entire article.

Threat Actors Breached UK-Based Mobile Device Management Firm Mobile Guardian and Remotely Wiped Thousands of Devices

Hackers breached the mobile device management (MDM) firm Mobile Guardian; the company detected unauthorized access to iOS and ChromeOS devices on August 4th. Click to read entire article.


Vol. 271 – August 21, 2024

© 2024 NetDiligence All Rights Reserved.