Tag Archive for: Lawsuits

23andMe Blames Users for Recent Data Breach as It’s Hit With Dozens of Lawsuits

/in


It’s been nearly two years since Russia’s invasion of Ukraine, and as the grim milestone looms and winter drags on, the two nations are locked in a grueling standoff. In order to “break military parity” with Russia, Ukraine’s top general says that Kyiv needs an inspired military innovation that equals the magnitude of inventing gunpowder to decide the conflict in the process of advancing modern warfare.

If you made some New Year’s resolutions related to digital security (it’s not too late!), check out our rundown of the most significant software updates to install right now, including fixes from Google for nearly 100 Android bugs. It’s close to impossible to be completely anonymous online, but there are steps you can take to dramatically enhance your digital privacy. And if you’ve been considering turning on Apple’s extra-secure Lockdown Mode, it’s not as hard to enable or as onerous to use as you might think.

If you’re just not quite ready to say goodbye to 2023, take a look back at WIRED’s highlights (or lowlights) of the most dangerous people on the internet last year and the worst hacks that upended digital security.

But wait, there’s more! Each week, we round up the security and privacy news we didn’t break or cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

23andMe said at the beginning of October that attackers had infiltrated some of its users’ accounts and abused this access to scrape personal data from a larger subset of users through the company’s opt-in social sharing service known as DNA Relatives. By December, the company disclosed that the number of compromised accounts was roughly 14,000 and admitted that personal data from 6.9 million DNA Relatives users had been impacted. Now, facing more than 30 lawsuits over the breach—even after tweaking its terms of service to make legal claims against the company more difficult—the company said in a letter to some individuals that “users negligently recycled and failed to update their passwords following … past security incidents, which are unrelated to 23andMe.” This references 23andMe’s long-standing assessment that attackers compromised…

Source…

McLaren Health Care Hack Affected Millions; Lawsuits Pile Up

/in


Breach Notification
,
HIPAA/HITECH
,
Security Operations

Michigan Healthcare Provider Faces 7 Federal Lawsuits in Alphv/BlackCat Data Theft

Marianne Kolbasuk McGee (HealthInfoSec) •
November 13, 2023    

McLaren Health Care Hack Affected Millions; Lawsuits Pile Up
McLaren Health Care is facing seven proposed federal class action lawsuits following a recent data theft affecting nearly 2.2 million patients. (Image: McLaren)

McLaren Health Care is notifying 2.2 million individuals of a data breach weeks after ransomware group Alphv/BlackCat claimed to have stolen 6 terabytes of patient records in an August attack. In the meantime, the number of federal lawsuits filed against the Michigan-based healthcare system has more than doubled over the last month.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

McLaren Health Care on Thursday reported the hacking incident to Maine’s attorney general as affecting nearly 2.19 million individuals, including 77 Maine residents.

The compromised information includes individuals’ name, Social Security number, health insurance information, birthdate, and medical information including billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription/medication information, diagnostic results and treatment information, McLaren said.

McLaren also reported the incident to federal regulators on Oct. 20 with a placeholder estimate of 501 individuals affected at that time. But based on McLaren’s current estimate of nearly 2.2 million individuals affected,…

Source…

McLaren Health Care Facing 3 Lawsuits in Ransomware Hack

/in


Cybercrime as-a-service
,
Fraud Management & Cybercrime
,
Governance & Risk Management

Litigation Filed Days After Alphv/BlackCat Claimed to Have Stolen Data of 2.5 Million Patients

Marianne Kolbasuk McGee (HealthInfoSec) •
October 10, 2023    

McLaren Health Care Facing 3 Lawsuits in Ransomware Hack
McLaren Health Care faces at least three proposed federal class action lawsuits so far in the aftermath of a massive data theft allegedly by Alphv/Blackcat. (Image: McLaren Health Care)

A recent attack by a Russian ransomware-as-a-service group that stole the personal information of 2.5 million patients of McLaren Health Care has triggered at least three proposed federal class action lawsuits in recent days, claiming the healthcare company failed to protect patient privacy.

See Also: Challenges and Solutions in MSSP-Driven Governance, Risk, and Compliance for Growing Organizations

The lawsuits – which each make similar allegations, including negligence by McLaren – were all filed in the same Michigan federal court by plaintiffs who are – or were – McLaren patients on behalf of themselves and others situated.

The litigation was filed only days after Alphv/Blackcat on Sept. 29 boasted on its dark web site to have stolen 6 terabytes of “sensitive data” pertaining to 2.5 million McLaren patients. The threat actor also claimed its “backdoor is still running” on McLaren’s network (see: Group Claims it Stole 2.5 Million Patients’ Data in Attack).

Attorneys filed lawsuits quickly against McLaren – even before the company notified individuals…

Source…

HanesBrands requests dismissals of ransomware lawsuits

/in


HanesBrands Inc. has filed motions — as expected — to have dismissed federal lawsuits in California and North Carolina over the May 2022 ransomware attack that cost the manufacturer about $100 million in global sales.

The N.C. lawsuit, filed in federal Middle District Court on Oct. 13, has Nicole Toussaint as the plaintiff on behalf of current and former employees. The California lawsuit Roman vs. HanesBrands was filed Oct. 7 in the Central District.

Each plaintiff is requesting class-action status.

HanesBrands disclosed in a May 31, 2022, regulatory filing that it began experiencing the ransomware attack on May 24, 2022.

Ransomware is a type of malicious software employed by hackers that can block access to a computer system until a ransom is paid. In recent years, the targets have shifted from individuals to governments, companies, nonprofits and health care systems.

People are also reading…

HanesBrands said the ransomware attack affected its global supply chain network and ability to fulfill customer orders for about three weeks. The attack resulted in a $35 million reduction in adjusted operating profit for the second quarter of fiscal 2022, while lowering adjusted earnings per share by 8 cents.

The main complaint allegation is that the ransomware attack contributed to a data breach of “certain highly sensitive personal and protected health information” that included name, address, date of birth, financial account information and government-issued identification numbers, and other health and employment accounts.

Toussaint said she wasn’t notified of the data breach until Aug. 16, 2022. Toussaint lives in Maine and was employed as an assistant manager from 2012 through 2018.

The suits ask for compensatory, punitive and other damages, as well as injunctive relief that requires HanesBrands “to strengthen its data security systems and monitoring procedures, submit to future annual audits of…

Source…