Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Insurers should: Establish a Formal Cyber Insurance Risk Strategy.

Insurance 77

Insurance Financial Services Cybersecurity Risk 77

Krebs on Security

APRIL 27, 2023

This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. But after being presented with a document including the Social Security number of a health professional in D.C.

Access 295

Access Information Security Authentication Communications 295

Security Affairs

DECEMBER 28, 2022

The chief executive of insurance giant Zurich warns that cyber attacks, rather than natural catastrophes, will become uninsurable. Mario Greco, chief executive of insurer giant Zurich, has warned that cyber attacks will become soon “uninsurable.”. What will become uninsurable is going to be cyber,” Mario Greco told the Financial Times.

Insurance 94

Insurance Risk Ransomware IT 94

Security Affairs

FEBRUARY 22, 2022

The attack took place on October 25, 2021, as reported by the data breach notification letter shared with the U.S. “On or around October 25, 2021, Meyer was the victim of a cybersecurity attack by an unauthorized third party that impacted our systems and operations. . Attorney General offices of Maine and California.

Data breaches 107

Data breaches Insurance Ransomware Cybersecurity 107

Security Affairs

SEPTEMBER 28, 2023

The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and security systems, and components for energy management. The company provides HVAC (heating, ventilation, and air conditioning), solutions for building automation, fire and security systems, and components for energy management.

Ransomware 123

Ransomware Insurance Cybersecurity Encryption 123

Security Affairs

OCTOBER 9, 2021

American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June 2021.

Ransomware 107

Ransomware Insurance Encryption Passwords 107

Hunton Privacy

NOVEMBER 15, 2023

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty ( i.e. , a fine) in connection with the company’s response to a data breach that occurred in February 2022.

Data breaches 128

Data breaches Privacy Risk Information Security 128

Security Affairs

NOVEMBER 10, 2023

The security breach exposed the sensitive personal information of 2,192,515 people. “On August 31, 2023, McLaren learned the unauthorized actor had the ability to acquire certain information stored on the network during the period of access. It is a $6.6 The company also notified U.S. ” continues the notice.

Data breaches 116

Data breaches Ransomware Insurance Manufacturing 116

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

eSecurity Planet

JANUARY 21, 2021

It includes multi-disciplinary risk and compliance management solutions and tools, including: IT & security risk management. IT governance and security. RSA Archer. Back to top. The RSA Archer Suite can be customized for organizations of all sizes and industries. Enterprise & operational risk management. LogicManager.

Compliance 67

Compliance Risk Government Retail 67

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. SEC Statement and Guidance on Public Company Cybersecurity Disclosures.

Cybersecurity 66

Cybersecurity Financial Services Risk Compliance 66

Security Affairs

JANUARY 7, 2022

FIN7 using this technique to target businesses in the transportation and insurance industries since August 2021, while it started targeting defense firms since November 2021. The gang is using weaponized USB devices with the LilyGO logo, which are sent to the victims via United States Postal Service and United Parcel Service.

Insurance 90

Insurance Ransomware Access Security 90

Security Affairs

NOVEMBER 8, 2023

We did not pay a ransom and we are aware that data connected to the cyber incident has been published.” Chatham-Kent Health Alliance reported that threat actors had access to data belonging to 1446 employees who worked in the hospital as of February 2021. TransForm is a non-profit group that provides IT services to the above hospitals.

Ransomware 121

Ransomware Insurance Access Phishing 121

Security Affairs

APRIL 11, 2022

SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging to its patients, patients/members of its partner organizations and others. The security breach was discovered on July 27, 2021, when the company IT personnel noticed unauthorized activity on some systems.

Data breaches 81

Data breaches Cybersecurity Insurance Security 81

Security Affairs

AUGUST 17, 2021

Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took place in May 2021. Colonial Pipeline has started notifying more than 5000 people that had their personal information compromised after a ransomware attack that took place in May. Source WSJ.

Data breaches 108

Data breaches Ransomware Military Insurance 108

Security Affairs

SEPTEMBER 8, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 98

Security Data breaches Artificial Intelligence Ransomware 98

Security Affairs

APRIL 8, 2021

Group-IB , a global threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop have been leaked online on March 17, 2021. The cardshop has been operating since at least April 2019, and by March 2021, it had more than 12K user base and over 600K payment card records on sale.

Passwords 109

Passwords Insurance Personal data Sales 109

Security Affairs

JUNE 12, 2021

The security breach affected a subsidiary Audi and authorized dealers in the U.S. According to a letter sent by the company to the Maine Attorney General and reported by TechCrunch , the subsidiary company left customer data spanning 2014 to 2019 unsecured online between August 2019 and May 2021. million of its customers.

Data breaches 129

Data breaches Sales Insurance Marketing 129

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

Security Affairs

JANUARY 4, 2022

The attack took place on October 15, 2021, when threat actors breached the hospital’s network and accessed patient data. The healthcare system discovered the security breach on October 19, and reported the incident to local authorities, it also hired a third-party cybersecurity expert to help with the investigations.

Data breaches 90

Data breaches Passwords Insurance Access 90

Security Affairs

NOVEMBER 22, 2021

Utah Imaging Associates (UIA) discloses a security breach, on September 4, 2021 the company claims to have detected and blocked a cyber attack. The healthcare provider promptly secured its infrastructure with the help of a specialized third-party cybersecurity firm. Utah Imaging Associates also notified the U.S.

Data breaches 95

Data breaches Insurance Security Cybersecurity 95

Security Affairs

FEBRUARY 28, 2024

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA , the US defense contractor NJVC , gas pipeline Creos Luxembourg S.A. , municipal governments, defense contractors, and critical infrastructure organizations).”

Ransomware 114

Ransomware Government Insurance Manufacturing 114

Hunton Privacy

JULY 16, 2021

The Proposed Guidance seeks to promote consistency in banking organizations’ third-party risk management, replacing agency-specific guidance with a framework that applies to all banking organizations supervised by the Regulators. Contingency planning for relationship terminations.

Risk 81

Risk Insurance Sales Encryption 81

Security Affairs

JANUARY 4, 2022

According to the company, threat actors have stolen data of individuals employed between July 1, 2010, and December 12, 2021. McMenamins properties remain open despite the security breach, however, many operational systems, including its phone system, credit card processing and hotel reservation system, were impacted by the ransomware attack.

Data breaches 108

Data breaches Ransomware Insurance Sales 108

Security Affairs

FEBRUARY 4, 2022

In letters sent to impacted individuals, the company said that the ransomware infection was discovered in August 2021. The investigation conducted with the help of independent cybersecurity experts, revealed that threat actors stole the personal information of 521,046 individuals, including employees, contractors, and clients.

Ransomware 95

Ransomware Business Services Data breaches Insurance 95

Security Affairs

MARCH 25, 2021

Astoria Company LLC is a lead generation company that leverages on a network of websites to collect information on a person that may be looking for discounted car loans, different medical insurance, or even payday loans. DATABASE SALE ON DARKWEB MARKETS. ” reported Night Lion.

Data breaches 113

Data breaches Sales Insurance Marketing 113

IT Governance

SEPTEMBER 13, 2022

According to Cisco’s 2022 Cybersecurity Almanac , the amount of money organisations spend recovering from cyber attacks is expected to increase by 75% in the five-year period from 2021 to 2025, reaching as much as $10.5 The next layer of security addresses cyber security as an ongoing process rather than a set of static solutions.

Risk 102

Risk Security Data breaches Phishing 102

Security Affairs

JULY 24, 2022

ransom and sued its insurance firm for refusing to cover this payment Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever Google is going to remove App Permissions List from the Play Store Security Affairs newsletter Round 374 by Pierluigi Paganini APT groups target journalists and media organizations since 2021.

Security 97

Security Ransomware Insurance Analytics 97

IT Governance

JUNE 15, 2022

IT Governance identified more than 1,200 publicly disclosed data breaches in 2021 , while another report found that security incidents cost almost £3 million on average. These figures are on the rise, demonstrating the increasing importance of effective cyber security. Patch management is an essential part of cyber security.

Risk 142

Risk Security Passwords Phishing 142

Security Affairs

JUNE 10, 2021

On June 10th, during the Digital Risk Summit 2021 online conference ( Amsterdam ), Group-IB presented its research on various fraudulent machinations, obtained thanks to neural networks and ML-based scorings of the Group-IB Digital Risk Protection System. Insurance companies around the world are now suffering from phishing.

Phishing 102

Phishing Retail Insurance Risk 102

Security Affairs

AUGUST 8, 2021

Further research revealed that the post was nothing but a very bold ad to scale up the user base of newly established card shop All World Cards, which joined the carding market in May 2021. In the entire batch Group-IB researchers found 810 expired cards, 30 of them expired in June 2021, 780 in July 2021.

Marketing 132

Marketing Sales IT Insurance 132

Security Affairs

NOVEMBER 15, 2022

The researchers analyzed two campaigns attributed to Earth Longzhi; the first one conducted between 2020 to 2021 targeted the government, infrastructure, and health industries in Taiwan and the banking sector in China.

Archiving 94

Archiving Passwords Metadata Insurance 94

Info Source

JANUARY 27, 2021

Rigorous Certification for Square 9’s Data and Information Security Policies and Procedures. The Health Insurance Portability and Accountability Act Security Rule of 2003, commonly referred to as HIPAA, addresses the security of electronic Protected Health Information (ePHI). NEW HAVEN, CONN.,

Cloud 52

Cloud ECM Digital transformation Compliance 52

Security Affairs

MAY 15, 2023

Compromised organizations operate in different business verticals, including manufacturing, wealth management, insurance providers, and pharmaceuticals. Like other ransomware operations, the RA Group also uses a double extortion model and runs a date leak site. “This actor is expanding its operations at a fast pace.

Ransomware 89

Ransomware Encryption Healthcare Insurance 89

Security Affairs

APRIL 26, 2021

The attackers hit companies in North America and threat actors exploited the ProxyLogon Microsoft Exchange flaws ( CVE-2021-27065 and CVE-2021-26858 ) to deliver malware in their networks. Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei.

Mining 68

Mining Retail Insurance Manufacturing 68

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. .

Insurance 73

Insurance Access Security IT 73

Security Affairs

FEBRUARY 27, 2024

Optum Solutions is a subsidiary of UnitedHealth Group, a leading health insurance company in the United States. “On February 21, 2024, UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. .

Ransomware 98

Ransomware Government Insurance Manufacturing 98