Higher Ed Falls Victim to New Data Breach

By: Linda Perkins

On April 2, 2019, The Georgia Institute of Technology (Georgia Tech) announced that it had sustained a data breach when one of its central databases was accessed by an unknown outsider through a web application, thereby exposing the personal information of up to 1.3 million current and former faculty members, students, staff and student applicants. Local news organizations report that information security officials at the university are continuing to investigate the incident to determine the extent to which its systems were compromised and to identify those individuals whose information was compromised. …

The $29 Million Yahoo Derivative Data Breach Settlement: What Next?

By: Sedgwick Jeanite and Meryl Breeden

On January 4, 2019, a federal district court in California approved a $29 million settlement in a shareholder derivative lawsuit against former Yahoo directors and officers regarding high-profile data breaches at Yahoo between 2013 and 2016. The settlement is a noteworthy departure from other breach-related derivative suits, which have been largely unsuccessful. As the number of data breach derivative lawsuits against directors and officers continues to increase, the relatively large size of this settlement may create valuation expectations that will drive up the settlement costs of other pending and future data breach-related derivative cases.

Best Practices For Personal Data Security #DataPrivacyDay

By: Linda Perkins

January 28 is Data Privacy Day, a designated day to remind consumers, businesses and government agencies worldwide of the importance of personal data security and the need to protect it. It is true that, in many respects, we live in a world that can be accurately described as “data insecure.” It is also true, however, that if we remind ourselves often enough that personal data security and privacy is a critical concern for everyone, then perhaps we will improve our chances of becoming a more “data secure” world for individual consumers and businesses alike.

First Joint Cross-State HIPAA Breach Lawsuit Brought in Response to 2015 Cyberattack

By: Michael Jervis

A lawsuit has been filed by the attorneys general of 12 states against a company called Medical Informatics Engineering (MIE) arising out of a 2015 data breach involving stolen medical records for millions of individuals. The complaint generally alleges that MIE and its subsidiary NoMoreClipboard “failed to take adequate and reasonable measure to ensure their computer systems were protected.” The attackers compromised MIE’s WebChart application and as a result were able to obtain personal information for nearly 4 million individuals who were patients of affected providers that used the software. The information obtained included the kind of personally identifiable information typical for such breaches, including names, home addresses, birth dates, social security numbers, email addresses and passwords. …

Five Quick Thoughts on Dittman

By: Joshua Mooney

Recently, the Supreme Court of Pennsylvania issued a landmark decision in Dittman v. UPMC, 2018 Pa. LEXIS 6051 (Pa. Nov. 21, 2018), under which employers now have an independent duty to protect employee data from cyberattacks. The case was explained in an alert published last week. Here are five quick thoughts on the decision: …

Marriott’s Starwood Data Breach Could Expose 500 Million Customers

By: Andrew Lipton

On November 30, 2018, Marriott International announced that hackers gained “unauthorized access” to the Starwood brand reservation database, potentially compromising the accounts of approximately 500 million guests. According to company officials, the hackers “copied and encrypted [guests’] information, and took steps toward removing it” beginning in 2014. This information included names, phone numbers, email addresses, passport numbers, dates of birth and guests’ travel itinerary information. Marriott allegedly discovered the data breach last week. …

Significant Vulnerability Discovered in Software Platform Serving Close to 2,000 Banks

By: Michael Jervis

KrebsOnSecurity recently reported a vulnerability found in perhaps little-known but widely used financial services software which powers the websites of thousands of banks. The exposure allowed even a mildly clever user to view financial account details for accounts that did not belong to the user. …

No Coverage for Seafood Importer Netted in Phishing Scam

By: Josh Mooney

On April 16, 2018, Beazley Group issued a report highlighting increased attacks on Microsoft’s cloud-based business products and services. The report stated that successful attacks typically are achieved by tricking employees into opening spoofed emails with malicious links or fraudulent instructions in order to harvest credentials. These attacks allow hackers entry into the insured’s system, where they can search for personal information and bank records to initiate wire transfers or redirect payments to hacker-controlled bank accounts. …

Washington Suburb Targeted by Cybercrime and Ransomware Attacks

A recent report from The Seattle Times provides details on a series of social engineering and ransomware attacks successfully perpetrated on a Seattle suburb during the second half of 2017. The incidents of cyber scams demonstrate the pervasive nature of these financial crimes, the need for increased vigilance and the challenges that require policies and procedures designed to prevent financial harm. …