Author: rescue@crimefire.in

  • Unemployed adults offered tuition-free cybersecurity training for in-demand jobs – MLive.com

    The West Michigan Center for Arts and Technology (WMCAT) is launching a program that provides Kent County adults with a tuition-free pathway to a career in cybersecurity. Pictured is a computer screen at the University of Michigan-Flint on Feb. 14, 2022, where a cyber security bachelor's degree is available for the fall semester. (Jake May | MLive.com)
    GRAND RAPIDS, MI – A nonprofit is launching a new training program that provides Kent County adults with a tuition-free pathway to a career in cybersecurity, a high-paying field where demand is growing.
    The new cybersecurity training pathway at the West Michigan Center for Arts + Technology (WMCAT) in Grand Rapids is part of its tuition-free Adult Career Training Program, which provides underemployed and unemployed adults with training for in-demand jobs that pay well.
    Graduates of the seven-month training program will be able to earn certification in various cybersecurity credentials including Certificate of Cloud Security Knowledge, Auditing AI Foundations Certification, and Fundamentals of Children’s Privacy, according to WMCAT’s website.
    The nonprofit will accept 12 adults into the program for its first year, according to a news release from the nonprofit. Enrollment is open through Oct. 17, and the seven-month program will start in December 2022.
    Jamon Alexander, president + CEO of WMCAT, said employer demand for trained specialists in cybersecurity and GRC (governance, risk and compliance) is high and rising, the release said.
    “We know that right now economic opportunity is in technology,” Alexander said in a statement. “WMCAT is committed to connecting people to new educational and career pathways, diversifying the tech talent pipeline, and supporting inclusive growth in the region to ensure all families can thrive in the digital economy.”
    The number of information security analyst positions in West Michigan is expected to increase 18% through 2023, according to West Michigan Works!. Average starting salary in the field ranges between $64,740 and $77,849 a year, according to WMCAT’s website.
    Mid-career professionals in these positions earn a median hourly rate of $49.33, or approximately $102,600 in annual salary, according to the nonprofit’s news release.
    Students in the cybersecurity training program will take both remote and in-person classes that run Monday through Thursday from 10 a.m. to 3 p.m. The seven-month program will end in June 2023.
    The nonprofit is partnering with national provider GRC (Governance, Risk and Compliance) for Intelligent Ecosystems, or GRCIE, to provide students with online instruction in a virtual reality environment.
    “When designing and implementing a workforce transformation initiative at the community level, it is critical that the students have access to an on-the-ground network of experts to provide a strong network of social services,” said Jenai Marinkovic, executive director of GRCIE, in a prepared statement.
    “We are excited to partner with WMCAT to build out this first-of-its-kind program where students are educated in the metaverse and learn cybersecurity fundamentals, as well as how to protect and defend artificially intelligent ecosystems in this ever-changing world.”
    WMCAT’s Adult Career Training Program is geared toward adults in Kent County who remain economically fragile despite working – often referred to as ALICE (Asset Limited, Income Constrained, Employed).
    In Grand Rapids, 46% of households live below the ALICE threshold, according to the nonprofit. Forty-five percent of families live below that threshold in Kentwood and Wyoming.
    WMCAT’s tuition-free adult training program, which has been around for 17 years, also offers pathways programs for health information and pharmacy technicians. In addition to covering tuition, the program also includes a stipend, access to an emergency fund, and on-site supports for adult learners.
    Around 80% of graduates from the program end up with a career with local employers like Spectrum Health, Meijer, and Mercy Health within six months of graduation, according to WMCAT.
    WMCAT’s new cybersecurity training program is possible thanks to recent multi-year funding from the W.K. Kellogg Foundation, according to the release.
    Tracie Coffman, program officer at the W.K. Kellogg Foundation, said the foundation hopes the funding will help reduce the racial wealth gap in Grand Rapids.
    In the city of Grand Rapids, the median household income is $42,000, but it is only $24,000 for Black residents and $31,000 for Hispanic residents, according to data from the city.
    “The W.K. Kellogg Foundation is proud to provide support that will help to reduce the racial wealth gap in Grand Rapids through this training-with-stipend program, designed to impact families in our communities of color,” Coffman said in a prepared statement.
    “At the W.K. Kellogg Foundation, children are at the heart of everything we do, and we know that for children to thrive, their families have to have, not only access to good paying jobs, but also career pathways to be able to support them.”
    Applicants of the Adult Career Training Program must have a high school diploma or General Education Development (GED), live in Kent County, receive some form of public assistance and have no record of a felony. They also must be fully vaccinated against COVID-19.
    Adults who identify as BIPOC (Black, Indigenous, People of Color) are encouraged to apply, according to the release.
    Interested applicants can learn more about the Cybersecurity + GRC pathway program and begin the three-step enrollment process at work.wmcat.org/enrollment or call 616-454-7004.

  • Volkswagen, Audi data breach $3.5M class action settlement – Top Class Actions

    The settlement benefits anyone who resides in the United States and was sent notice by Volkswagen and/or Audi that their information may have been exposed as a result of the data security incident.
    Volkswagen and Audi agreed to a $3.5 million settlement to resolve claims their customers’ information was stolen in a data breach spanning several years.
    The settlement benefits consumers who received a notice from Volkswagen and/or Audi informing them that their personal information (PI) or sensitive personal information (SPI) may have been exposed in the 2019-to-2021 data breach.
    The nationwide PI subclass is made up of class members whose PI was compromised in the data breach.
    The nationwide SPI subclass is made up of class members whose SPI was compromised in the data breach. 
    The California SPI subclass is made up of class members whose SPI was compromised in the data breach while they were residing in California.
    Consumers took legal action against Volkswagen and Audi after the companies announced a data breach in 2021 that affected over 3.3 million Audi purchasers. The breach reportedly exposed sales and marketing data from 2014 and 2019 during a period of time between August 2019 and May 2021.
    Audi and its parent company, Volkswagen, are automotive manufacturers that sell luxury vehicles around the world.
    Volkswagen and Audi haven’t admitted any wrongdoing but agreed to a $3.5 million class action settlement to resolve these allegations.
    Under the terms of the Volkswagen and Audi data breach settlement, class members can receive a cash payment based on their subclass membership. 
    Actual cash payments may be higher or lower depending on the number of claims filed with the settlement.
    Members of the California SPI subclass and nationwide SPI subclass can receive additional reimbursement for out-of-pocket expenses related to the data breach. The settlement allows these class members to claim up to $5,000 for fraud, identity theft, credit expenses, communication charges and up to four hours of unpaid time off work at a rate of $50 per hour.
    The deadline for exclusion and objection is March 13, 2023.
    The final approval hearing for the Volkswagen and Audi data breach settlement is scheduled for May 18, 2023.
    To receive settlement benefits, class members must submit a valid claim form by April 12, 2023.
    Consumers who received a notice from Volkswagen and/or Audi informing them that their personal information (PI) or sensitive personal information (SPI) may have been exposed in the 2019 to 2021 data breach.
    Nationwide PI subclass: class members whose PI was compromised in the data breach.
    Nationwide SPI subclass: class members whose SPI was compromised in the data breach. 
    California SPI subclass: class members whose SPI was compromised in the data breach while residing in California.
    $5,350
    Documentation of data breach-related expenses.
    NOTE: If you do not qualify for this settlement do NOT file a claim.
    Remember: you are submitting your claim under penalty of perjury. You are also harming other eligible Class Members by submitting a fraudulent claim. If you’re unsure if you qualify, please read the FAQ section of the Settlement Administrator’s website to ensure you meet all standards (Top Class Actions is not a Settlement Administrator). If you don’t qualify for this settlement, check out our database of other open class action settlements you may be eligible for.
    04/12/2023
    In Re: Volkswagen Data Incident Litigation, Case No. 4:21-cv-08518, in the U.S. District Court for the District of New Jersey
    05/18/2023
    audidatasettlement.com
    Volkswagen/Audi Data Incident Litigation
    Settlement Administrator
    PO Box 3637
    Portland, OR 97208-3637
    866-329-0166
    Anderson Berry
    CLAYEO C ARNOLD PC
    Gayle M Blatt
    CASEY GERRY SCHENK FRANCAVILLA BLATT & PENFIELD LLP
    Rachele R Byrd
    WOLF HALDENSTEIN ADLER FREEMAN & HERZ LLP
    Karen Hanson Riebel
    LOCKRIDGE GRINDAL NAUEN PLLP
    SQUIRE PATTON BOGGS US LLP
    WINSTON & STRAWN LLP
    Please add me I bought my Audi A3 Etron in Feb 2021
    Buying a VW Passat add me
    I purchased an Audi A3 in 2017
    The car was exclusively serviced by Audi in 2018, to 2021. I was hacked. And lost 30,000.
    I leased a VW Eos in 2016 and purchased it in 2019. I moved states 3 years ago and don’t know if I was notified.
    add me
    Not sure if my personal information was shared. Purchased a Volkswagen Jetta in 2013 or 2014 here in St. Louis MO from Dean Team Volkswagen on Manchester. Please let me know if this applies.
    I’ve purchased a VW Beetle in 2020…. Have been the recipient of some odd stuff since. I’m usually broke, so not sure of data breach from VW… As I’ve been notified about other data breach from Equifax.
    Add me
    Not sure if I received a letter and most of those letters people dispose of

  • Why Is No One Ever Penalised for Data Breaches in India? – The Wire

    No major organisation has been held responsible for disregard towards safeguarding personal data since the start of the millennium.
    Indian software service companies are some of the most profitable entities in the world. They provide technology solutions that power Fortune 500 companies and governments across the world, but is their code always secure?
    The answer is never a simple binary; in the real world it is more complex. Wired has reported on its website a large-scale breach of the private information of millions of students and teachers through the government of India’s Digital Infrastructure for Knowledge Sharing (DIKSHA) app.
    This is not the first time data breaches have been reported at this scale and this won’t be the last either, but will this change even with the Digital Personal Data Protection law in place?
    Wired and the researchers who discovered the security flaw in the DIKSHA app tried to report it to the Ministry of Education and received no response. They were only able to get the issue fixed when they contacted the organisation that built DIKSHA – EkStep, a foundation co-founded by IT billionaire Nandan Nilekani.
    Deepika Mogilishetty, the chief of policy and partnerships at EkStep, told Wired that while EkStep does support the development of DIKSHA, the responsibility of data and its security lies with the Union Ministry of Education.
    This is not the first time that organisations linked directly to Nandan Nilekani have been involved in data breaches, given their direct involvement in Aadhaar and the security issues around its design. It is Nilekani’s organisations that have successfully lobbied on how the government of India should be building systems and collecting Indians’ personal data, as designed in his TAG-UP report.
    Ideally when the security researcher reached out to the DIKSHA team, the Union education ministry should have alerted CERT-IN (the Indian Computer Emergency Response Team) and the flaw should have been fixed. CERT-IN is also ideally required to do a forensics analysis and determine whether the security flaws have been exploited by anyone. But unfortunately it takes more than having a privacy policy to actually follow it and secure information of people, especially when they are children.
    CERT-IN, like the Ministry of Education, has been ignoring its statutory responsibility to citizens of India. While CERT-IN has minimal capacity to address security issues, there has been no reaction by CERT-IN to security incidents that have taken place in the past either. 
    Neither EkStep, the Union education ministry nor CERT-IN has officially issued any statement on the security incident. This brings us to the question of liability. Whose responsibility is it, and who should have acted on the issue?
    EkStep has told Wired it is not responsible. As custodian of this data, the responsibility then lies with the Union education ministry. As the nodal agency for responding to cyber security incidents, CERT-IN too has a responsibility to look into the issue. But none of the actors involved has any interest in looking deeper into the problem, as no one is holding them accountable for their continued disregard for privacy.
    Even though there is no data protection law in place to demand action by the state on violations that involve the fundamental right to privacy, the Information Technology Act of 2008 has provisions to hold liable parties accountable. Section 43A of the IT Act, which allows parties affected by data breaches to demand compensation from corporate bodies, has never been implemented and remains merely a paper threat.
    No major organisation has been held responsible for its disregard for safeguarding personal data since the start of the millennium.
    The Digital Personal Data Protection Law which is expected to be passed in the parliament sometime this year, will not change this issue either. Even though the law proposes significant monetary penalties on organisations that do not handle personal data with care, it might just remain another paper threat with the current version of the law. 
    Data leaks and breaches will continue to occur in India and there won’t be an end to it as the regulators are not interested in penalising the government bodies or the actors who are producing the technology with a booming IT sector.
    Most security incidents can be attributed to a lack of organisational capacity to address them and un-informed software developers who are producing the technology. The only way to address this problem is to increase awareness among the software developer community on producing safer software and push organisations to invest in better practices. Until organisations are incentivised to do this, it remains an issue. 


  • Third-party data breach round-up: mscripts, Diligent, Mailchimp – Healthcare IT News


    This month, more than 114,000 individuals may have experienced personally identifiable information and protected health information exposures from these incidents, while an email marketing hack is a new source for phishing attacks.
    On January 17, mscripts, a cloud-based mobile pharmacy platform that focuses on patient engagement and medication adherence solutions, reported to the U.S. Department of Health and Human Services unauthorized access/disclosure that involved protected health information of 66,372 individuals, according to the Office for Civil Rights cases under investigation list.
    The San Francisco-based platform, owned by Dublin, Ohio-based Cardinal Health, uses interactive SMS messaging and branded mobile apps to provide dosage and refill reminders and other prescription management functions. 
    It has partnerships across the healthcare space and customers include retailers like Kmart and Wegmans, and providers like Intermountain Healthcare, Banner Health and the Henry Ford Health System.
    Mscripts and Cardinal Health have not posted data breach notices to their websites.
    The mscripts privacy policy on Henry Ford’s website indicates that PII, as well as PHI, may be collected by mscripts from users and their pharmacies. 
    According to a UCHealth announcement posted to its website January 17, “Diligent provides hosted services to UCHealth and reported to UCHealth that Diligent’s software was accessed and attachments were downloaded including UCHealth files.”
    The Colorado-based healthcare provider noted that electronic medical records and email systems were not part of the breach, but “some of UCHealth’s patient, provider or employee data may have been included in this incident.” 
    UCHealth reported to OCR that 48,879 individuals were affected by the hacking incident, according to the agency.
    The medical provider said the stolen data may have included:
    Mailchimp announced on its website that on January 11 it identified an unauthorized actor had compromised administration tools and accessed 133 accounts, exposing customer data, through a second social engineering attack on the company in six months. 
    The email marketing service provider temporarily suspended those accounts to protect user data. 
    Mailchimp was first breached in April 2022, and threat actors were able to view around 300 user accounts and obtain audience data from 102 of them, as reported by the chief information security officer to the HHS cybersecurity program. 
    As a result, HC3 warned healthcare organizations of phishing campaigns leveraged by the email marketing platform. 
    While it is not a HIPAA-covered entity with a business associate agreement, a number of medical practice management applications integrate with Mailchimp, and a number of mail marketing service providers for doctors and providers work with Mailchimp, Constant Contact and other email marketing platforms.
    In the previous social engineering attack in August, Mailchimp specified that the 214 accounts affected were largely cryptocurrency and finance organizations.
    However, DigitalOcean, a large cloud provider across industries, including healthcare, confirmed its clients had been affected by malicious password resets, and the provider migrated email services away from the platform.
    Also, CloudSEK’s BeVigil research team released a December report that API keys for Mailchimp, along with Mailgun and Sendgrid, had been leaked, potentially allowing threat actors access to email conversations and potentially sensitive information.
    “An API key leak in Mailchimp would allow a threat actor to read conversations, fetch customer information, expose email lists of multiple campaigns containing [PII], authorize third-party applications connected to a MailChimp account, manipulate promo codes and start a fake campaign and send emails on behalf of the company,” according to Business Standard’s coverage of the report.
    Andrea Fox is senior editor of Healthcare IT News.
    Email: afox@himss.org

    Healthcare IT News is a HIMSS publication.

  • Zendesk Experiences Potential Data Breach | Console and … – JD Supra

    On January 19, 2023, reports began to surface about a potential Zendesk data breach. While the company has yet to publicly confirm that it was the target of a cyberattack, some of the company’s customers report receiving emails informing them of a data breach. Based on the currently available information, the incident resulted in an unauthorized party gaining access to certain clients’ account information. After confirming that consumer data was leaked, Zendesk began sending out data breach notification emails to all individuals and businesses that were impacted by the recent data security incident.
    If you received a data breach email from Zendesk, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Zendesk data breach, please see our recent piece on the topic here.
    The available information regarding the Zendesk breach comes from various news sources, several of which contain first-hand accounts of Zendesk customers. According to these sources, on October 25, 2022, Zendesk learned that several of the company’s employees were targeted in an SMS phishing campaign. Evidently, the attack resulted in an unauthorized party obtaining several Zendesk employees’ login credentials.
    After learning of this incident, Zendesk enlisted a cybersecurity firm to assist with the company’s investigation and review of all compromised unstructured data. The investigation confirmed that “unstructured data from a logging platform from September 25, 2022 to October 26, 2022 was accessed.”
    Upon discovering that sensitive data was made available to an unauthorized party, Zendesk began to review the affected files to determine what information was compromised and which consumers were impacted. By January 12, 2023, Zendesk had at least partially completed its review of the affected files, notifying some customers that their account service data was compromised.
    Subsequently, Zendesk sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. As of the time of publishing, Zendesk has not filed official notice of a data breach, and the total number of data breach victims remains unknown. However, the Zendesk breach was only reported a few weeks ago, and additional information may soon become available.
    Founded in 2007, Zendesk is a developer of customer relationship management software based in San Francisco, California. Through its various products, Zendesk helps businesses of all sizes provide a better customer experience. Zendesk currently has approximately 100,000 customers across 160 countries and territories. Zendesk employs more than 6,000 people and generates approximately $1.6 billion in annual revenue.

  • Software vendor shares information about data breach – UCHealth Today



    UCHealth was recently informed by Diligent Corporation, a software company that provides business operations tools for UCHealth and other organizations, that Diligent experienced a security incident that impacted data held by Diligent on its servers. Some of UCHealth’s patient, provider or employee data may have been included in this incident.
    Diligent provides hosted services to UCHealth and reported that Diligent’s software was accessed, and attachments were downloaded including UCHealth files.
    Importantly, UCHealth’s systems, including its electronic medical record, were not impacted by this incident.
    UCHealth values its patients, employees and providers, and protecting their data is a top priority. Though we have no reason to believe the person who took the data from Diligent’s system shared or misused it in any way, we are sharing this security incident so individuals may protect themselves by watching for any suspicious activity or possible identity theft. Individuals who may be involved are being notified per state and federal reporting requirements.
    Information involved varied based on the type of attachments downloaded by the cybercriminal and may have included name, address, date of birth and treatment-related information. In very limited cases, Social Security numbers and financial information, such as banking information, may have been involved.
    We apologize for the concern and inconvenience this data breach may cause, and we remain committed to safeguarding our patients’, employees’ and providers’ information.
    Diligent says it has taken additional steps to protect its data and prevent this type of attack from happening again.
    Additional information is available on UCHealth’s website. Individuals can get information on protecting themselves from identity theft from the notice potentially involved individuals receive in the mail, from the Federal Trade Commission, by visiting the Colorado Attorney General’s Stop Fraud website, or by calling 877.ID-THEFT (877.438.4338). National credit reporting agencies can be contacted at:
     
    Equifax: 1-866-349-5191, www.equifax.com, P.O. Box 740241, Atlanta, GA 30374
    Experian: 1-888-397-3742, www.experian.com, P.O. Box 2002, Allen, TX 75013
    TransUnion: 1-800-888-4213, www.transunion.com, P.O. Box 2000, Chester, PA 19016
     

  • Kroll Cyber Data Breach Outlook – 2023 – Kroll

    Thu, Jan 26, 2023
    David White
    Data breaches have become an unfortunate reality of the digital world we live in. While there is no doubt that efforts can be made to mitigate the chances of a data breach, living in a completely data breach-free world is not realistic. Apart from having processes and technology in place to prevent data breaches, companies should also have a plan of action in case they do suffer a breach.
    One aspect of being prepared is understanding how vulnerable your industry may be to data breaches. Kroll handles thousands of incidents every year and in its Data Breach Outlook – Year in Review, it has ranked which industries continually top the charts. 

    In 2022, health care overtook finance as the most breached industry, accounting for 22% of the breaches handled by Kroll, compared to 16% in 2021; a 38% increase year over year. Finance dropped to second place with 19% of the cases in 2022, a 3% drop from 2021 where it accounted for 22% of breach cases.
    Still in recovery from the pandemic, it is hardly surprising that the health care industry was particularly vulnerable to data breaches in 2022; at the very least, data management may have become less of a priority, potentially putting data at risk of exposure. The finance industry continued to report a substantial number of breaches, likely because of the regulatory obligations in the industry which increase the amount of data breach disclosure. But, for a similar reason, it was surprising to see insurance slip out of the top five in 2022.

    It was interesting to see the proportion of breaches hitting industrial services double in 2022. This points to a wider trend of industries which have previously considered the data they hold as “less sensitive,” falling victim to data loss or cyberattacks, causing data compromise and consequently having to begin a notification process.
    Other Notable Industry Shifts in 2022:
    Data Breach Outlook 2023
    Further investigation into the data unveils some insights into how concerned consumers in these respective industries are about the data breaches in question. While health care may have suffered the largest proportion of incidents in 2022, the number of incoming calls related to these data breaches and the number of consumers who take up identity protection—often a combination of identity and credit monitoring—were still less than in the finance industry.
    Findings Include:

    This potentially reveals that consumers are more concerned about their financial data than personal data related to health care. While in both industries personally identifiable information is at risk, given those looking to utilize this information—often cybercriminals—are largely perceived to be doing so for financial gain, it is understandable that financial data would be perceived to be more sensitive than health information. In reality, however, much of the data gathered from health care organizations—for example, social security numbers—could be used to set up fraudulent accounts and transactions. Concern is not misplaced, given the amount of revenue researchers believe is generated from this type of stolen data.
    It is possible to extrapolate the interpretation of this data further to indicate what organizations should perhaps be prepared for following a data breach. Perhaps the high number of calls and the take up of identity monitoring from the financial industry indicates that consumers are not only concerned about their data but potentially unhappy about how it has been managed. It may be wise for those organizations in the finance industry which suffer a breach to get prepared for litigation. Alternatively, it may show that the consumer support being provided by the finance industry is both accessible and necessary. 
    Understanding the drivers behind the Data Breach Outlook figures is subjective, and it is important that businesses combine this data with their own insight from talking to customers and market research. It is also true that while an industry may make up less of the overall number of data breach cases, it is not immune from the impact of a data breach and should similarly have playbooks if an incident were to occur.
    This data may also be of interest to insurers looking to estimate the financial exposure of data breaches. A more engaged population of consumers impacted by a data breach could result in more identity monitoring and higher costs for the insurer and/or organization.
    To understand more about how the data breach notification process works and what you can do ahead of time to ensure it runs as smoothly as possible with minimal financial and reputational damage, see this recent article on demystifying breach notification.
    You may also be interested in reading our 2021 Data Breach Outlook – ‘Under-Attacked’ Industries Feel the Heat.

    source

  • IBM Report: Consumers Pay the Price as Data Breach Costs Reach … – PR Newswire

    Jul 27, 2022, 00:01 ET
    60% of breached businesses raised product prices post-breach; vast majority of critical infrastructure lagging in zero trust adoption; $550,000 in extra costs for insufficiently staffed businesses
    CAMBRIDGE, Mass., July 27, 2022 /PRNewswire/ — IBM (NYSE: IBM) Security today released the annual Cost of a Data Breach Report,1 revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

    The perpetuality of cyberattacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organizations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.
    The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.
    Some of the key findings in the 2022 IBM report include:
    “Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases,” said Charles Henderson, Global Head of IBM Security X-Force. “This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked.”
    Over-trusting Critical Infrastructure Organizations
    Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments’ cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM’s report reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and healthcare companies amongst others.
    Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation’s cybersecurity, only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report. Add to that, 17% of breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.
    Businesses that Pay the Ransom Aren’t Getting a “Bargain”
    According to the 2022 IBM report, businesses that paid threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay – not including the ransom amount paid. However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs – all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts and looking at potential federal offenses.
    The persistence of ransomware, despite significant global efforts to impede it, is fueled by the industrialization of cybercrime. IBM Security X-Force discovered the duration of studied enterprise ransomware attacks shows a drop of 94% over the past three years – from over two months to just under four days. These exponentially shorter attack lifecycles can prompt higher impact attacks, as cybersecurity incident responders are left with very short windows of opportunity to detect and contain attacks. With “time to ransom” dropping to a matter of hours, it’s essential that businesses prioritize rigorous testing of incident response (IR) playbooks ahead of time. But the report states that as many as 37% of organizations studied that have incident response plans don’t test them regularly.
    Hybrid Cloud Advantage
    The report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.
    The report highlights that 45% of studied breaches occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43% of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs2. Businesses studied that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains.
    Additional findings in the 2022 IBM report include:
    Additional Sources
    About IBM Security
    IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development, and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.
    Press Contact:
    IBM Security Communications
    Georgia Prassinos
    [email protected]
    1 Cost of a Data Breach Report 2022, conducted by Ponemon Institute, sponsored, and analyzed by IBM
    2 Average cost of $4.53M, compared to average cost $3.87 million at participating organizations with mature-stage cloud security practices
    SOURCE IBM

    source

  • Charter Communications says vendor breach exposed some customer data – The Record by Recorded Future


    January 27, 2023
    Telecommunications company Charter Communications said one of its third-party vendors suffered from a security breach after data from the company showed up on a hacking forum.
    On Thursday, a forum user posted information allegedly stolen from the company that included names, account numbers, addresses and more for about 550,000 customers. 
    “We are aware of the post and following our security protocol in response. The initial evidence suggests that one of our third-party vendors had a security breach,” a spokesperson said. “At this time, we do not believe that any customer proprietary network information or customer financial data was included.”
    The spokesperson did not respond to follow-up questions about what third-party vendor was hacked, when the hack occurred or when affected customers will be notified. 
    Charter Communications is the second largest cable operator in the U.S. and fifth largest telephone provider – with more than 32 million customers in 41 states. On Friday, it reported nearly $14 billion in revenue for the last quarter of 2022. 
    The hacker post says the database includes a range of information on repairs and sales. 
    IntelBroker has added the database of Charter Communications (https://t.co/m9djfZPZl0) to the hacker's forum, claiming that it contains 550K user records including AcctountNumber, UniqueID, address, and so on.#USA 🇺🇸#darkweb #deepweb #databreach #cyberrisk pic.twitter.com/LIYZti0T2q
    The breach comes just two weeks after the Federal Communications Commission voted unanimously to investigate potential changes to the breach notification rules for telecommunications companies.
    FCC Chairwoman Jessica Rosenworcel said the rules the agency created more than 15 years ago are no longer compatible with a modern world where telecommunication carriers have access to a “treasure trove of data about who we are, where we have traveled, and who we have talked to.”
    In a 40-page proposal document, the FCC explained that there have been multiple breaches affecting the country’s largest telecommunications companies: Verizon, T-Mobile and AT&T.
    “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” Rosenworcel said. 
    “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”
    Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

















    source

  • Dropbox suffers data breach following phishing attack | Cyber Security Hub – Cyber Security Hub

    Cloud storage company Dropbox has suffered a data breach after its employees were targeted by a phishing attack.
    In the attack, which took place on October 14, a malicious actor posed as the code integration and delivery platform CircleCI to harvest login credentials and authentication codes from employees. The aim was to gain access to Dropbox’s account on the code repository site GitHub, as CircleCI login information can be used to access GitHub.
    Through the attack, the hacker gained access to some of the code Dropbox stores using the platform, including API keys used by its developers.
    Dropbox was alerted to the breach by GitHub after suspicious activity was noticed on its account. The hacker was able to access and copy the code for 130 of Dropbox’s code repositories, although this did not contain any code for its core apps or infrastructure.
    In a statement, Dropbox assured users that the threat actor did not gain access to the contents of any Dropbox accounts, passwords or payment information. Instead, the hacker was able to access a “few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads and vendors”. The company said the risk to those who had their information accessed in the breach was “minimal” but has contacted all those affected.
    GitHub itself reported a similar phishing attack on September 16, which also involved a malicious actor posing as CircleCI to gain access to various user accounts.
    The phishing site used by the hacker relayed time-based one-time password (TOTP) two-factor authentication codes to the hacker in real time, allowing them to gain access to accounts protected by TOTP two-factor authentication. Accounts protected by hardware security keys were not vulnerable to this attack.
    Through the attack, the malicious actor was able to gain access to and download multiple private code repositories and use techniques to preserve their access to the account even in the event that the compromised user or organization changed their password. 
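The contrast drawn above between relayed TOTP codes and hardware security keys, as an added example that is not part of the original article: a server-side view of why a TOTP code verifies no matter where it was typed, while an origin-bound assertion does not. The domains, secrets and function names are constructed, and HMAC stands in for the security key's public-key signature.

```python
import hashlib
import hmac
import json
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the scheme authenticator apps implement."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, at: int) -> bool:
    # The server receives only the digits. Nothing in them records which
    # site the user typed them into, so a forwarded code looks identical.
    return hmac.compare_digest(totp(secret, at), submitted)

def key_sign(key: bytes, rp_id: str, page_origin: str, challenge: str):
    """Model of browser + security key: the origin is filled in by the
    browser from the page actually loaded, never by the user."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    signed = rp_id_hash + hashlib.sha256(client_data).digest()
    # Assumption: HMAC stands in for the authenticator's signature.
    return client_data, rp_id_hash, hmac.new(key, signed, hashlib.sha256).digest()

def server_accepts_assertion(key, origin, rp_id, challenge,
                             client_data, rp_id_hash, sig) -> bool:
    signed = rp_id_hash + hashlib.sha256(client_data).digest()
    if not hmac.compare_digest(sig, hmac.new(key, signed, hashlib.sha256).digest()):
        return False  # client data or RP ID hash was altered after signing
    data = json.loads(client_data)
    return (data.get("type") == "webauthn.get"
            and data.get("challenge") == challenge
            and data.get("origin") == origin  # the check TOTP has no equivalent of
            and rp_id_hash == hashlib.sha256(rp_id.encode()).digest())

# Constructed values for the demonstration.
REAL_ORIGIN, REAL_RP_ID = "https://login.example.com", "login.example.com"
FAKE_ORIGIN, FAKE_RP_ID = "https://login.example-sso.test", "login.example-sso.test"
TOTP_SECRET, KEY = b"12345678901234567890", b"constructed-credential-key"
NOW, CHALLENGE = 1_700_000_000, "constructed-challenge"

def demo() -> dict:
    code = totp(TOTP_SECRET, NOW)  # what the user reads from their app
    good = key_sign(KEY, REAL_RP_ID, REAL_ORIGIN, CHALLENGE)
    # A real key holds no credential for the lookalike's RP ID; assume it signed anyway.
    cd, rp_hash, sig = key_sign(KEY, FAKE_RP_ID, FAKE_ORIGIN, CHALLENGE)
    # Rewriting the origin afterwards invalidates the signature.
    cd_edit = cd.replace(FAKE_ORIGIN.encode(), REAL_ORIGIN.encode())
    rp_edit = hashlib.sha256(REAL_RP_ID.encode()).digest()
    check = lambda *a: server_accepts_assertion(KEY, REAL_ORIGIN, REAL_RP_ID, CHALLENGE, *a)
    return {
        "totp_typed_on_real_site": server_accepts_totp(TOTP_SECRET, code, NOW),
        # Same digits, entered elsewhere and forwarded 5 s later in the same step.
        "totp_forwarded_from_lookalike": server_accepts_totp(TOTP_SECRET, code, NOW + 5),
        "key_on_real_site": check(*good),
        "key_on_lookalike": check(cd, rp_hash, sig),
        "key_lookalike_origin_rewritten": check(cd_edit, rp_edit, sig),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
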

    source