Health insurer Excellus penalized $5.1M by HHS for data breach

The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015. The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR). The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020. The OCR said the breached data included names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information. “The hackers installed malware […]

The post Health insurer Excellus penalized $5.1M by HHS for data breach appeared first on CyberScoop.

Continue reading Health insurer Excellus penalized $5.1M by HHS for data breach

Morgan Stanley Receives $60 Million Fine for Improper Handling of Customer Data

Morgan Stanley investment bank must pay a whopping $60 million fine for failing to properly decommission multiple business data centers that stored sensitive customer information, the Office of the Comptroller of the Currency (OCC) announced earlier th… Continue reading Morgan Stanley Receives $60 Million Fine for Improper Handling of Customer Data

The High Cost of Reporting a Non-Reportable Data Breach

Can a company be sued for reporting a data breach in which the data was never used and destroyed? In May, cloud provider Blackbaud was the victim of a ransomware attack designed to lock it out of accessing its own data and servers. The company notifie… Continue reading The High Cost of Reporting a Non-Reportable Data Breach

Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode

A $5 billion class-action lawsuit filed in a California federal court alleges that Google’s Chrome incognito mode collects browser data without people’s knowledge or consent. Continue reading Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode

Data Breach Litigation Waivers: Be Careful What You Wish For

Companies with data breach litigation waivers may find those waivers used against them by savvy law firms In her 1969 book, “On Death and Dying,” Elisabeth Kübler-Ross described the five stages of grief and loss: Denial and isolation Anger… Continue reading Data Breach Litigation Waivers: Be Careful What You Wish For

Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit

The online videoconferencing service added Alex Stamos to the team and has also formed an expert advisory board to grapple with the pains of its COVID-19 growth spurt. Continue reading Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit

Zoom shareholder accuses executives of fraud over security practices

A Zoom shareholder has filed a lawsuit against the video-conferencing company for allegedly covering up security vulnerabilities in its app. The suit, filed April 7 in a San Francisco federal court, accuses top Zoom executives of failing to disclose flaws in the company’s software, now used by some 200 million people daily. Zoom misrepresented problems with the software’s encryption protocol, failed to disclose that it was sharing user data with Facebook and concealed the extent to which user data was vulnerable to hackers, according to the suit. Zoom chief executive Eric Yuan apologized for security issues in a blog post Monday, saying the company intends to improve its practices. Investor Michael Drieu filed the lawsuit amid ongoing scrutiny of San Jose-based Zoom’s data protection practices. The number of daily users has skyrocketed, up from 10 million in early March, according to the company, as much of the world’s white-collar workforce has […]

The post Zoom shareholder accuses executives of fraud over security practices appeared first on CyberScoop.

Continue reading Zoom shareholder accuses executives of fraud over security practices

Zoom hit with class-action lawsuit for sharing user data with Facebook

A California man on Monday filed a class-action lawsuit against Zoom, alleging the video conferencing service illegally shared user data with Facebook. With its popularity surging during the novel coronavirus pandemic, Zoom “has failed to properly safeguard the personal information of the increasingly millions of users” that use the app, the lawsuit alleges. The complaint accuses Zoom of violating the California Consumer Privacy Act, which requires companies to give consumers notice when they collect and use their personal information. Zoom did not immediately respond to a request for comment. The lawsuit cites a report last week from Vice News, which found that Zoom’s iOS app had been using a Facebook login feature to send the social media giant details on Zoom users. Those details included the model of a user’s device, their phone carrier, and what time zone they were in, the report said. After the Vice story was published, […]

The post Zoom hit with class-action lawsuit for sharing user data with Facebook appeared first on CyberScoop.

Continue reading Zoom hit with class-action lawsuit for sharing user data with Facebook

Facebook settles facial recognition lawsuit for $550 million

Facebook will pay $550 million to settle a class action lawsuit in which users accused the social media giant of using facial recognition software in a way customers hadn’t authorized, marking a win for U.S. privacy advocates who have used state laws to curb data collection. The settlement ends a suit in which customers alleged Facebook’s “Tag Suggestions” service, which recommends the names of people users can tag on their photos. The case accuses Facebook of breaking privacy law in Illinois by mining information about people in Illinois without their consent, then failing to disclose how long that data would be stored. Facebook has refuted allegations of wrongdoing in this case. The company disclosed the settlement Wednesday during its quarterly financial report, in which executives reported that revenue had risen 25% to $21.1 billion in the fourth quarter of 2019. Of the $550 million, individuals attached to the lawsuit can […]

The post Facebook settles facial recognition lawsuit for $550 million appeared first on CyberScoop.

Continue reading Facebook settles facial recognition lawsuit for $550 million