At a glance.
- What you need to know about the Optus data breach.
- US health network suffers data breach.
- Recent US data breach settlements.
What you need to know about the Optus data breach.
The unfolding investigation into the unprecedented data breach of leading Australian mobile provider Optus has been packed with twists and turns. Cyber Security Hub offers a rundown of the major developments so far, from the first detection of the breach to the news earlier this week that law firm Maurice Blackburn was opening a class action investigation into the incident. Late last week a hacker posted private customer data he claimed to have stolen from Optus during the breach, pledging to release additional data if Optus didn’t meet his ransom demands, only to apologize and delete the records the next day. Despite the ample media coverage, there are many questions still unanswered, like exactly how the breach occurred, and precisely how many of Optus’s nearly 10 million customers were impacted.
US health network suffers data breach.
Family Health Centers (FMC), a primary care clinic network based in the US state of Texas, has reported it sustained a healthcare data breach impacting 233,948 individuals. FMC says it first discovered suspicious activity in its IT systems on July 26, Health IT Security reports. After shutting down the breach the same day, the healthcare provider enlisted independent IT security experts and forensic specialists to investigate. The potentially compromised data include patient names, mailing addresses, Social Security numbers, dates of birth, and protected health information. A notice on the FMC website states, “Although we are unaware of any misuse of anyone’s personal information, to help relieve concerns and restore confidence following this incident, we have secured the services of Kroll to provide identity monitoring, at no cost, to affected individuals.”
Recent US data breach settlements.
US managed health care company Magellan Health has agreed to pay $1.43 million to settle a lawsuit over a 2019 phishing attack that exposed the protected health information of 273,000 patients. The plaintiffs allege that the breach could have been prevented if Magellan employed better cybersecurity practices, and that Magellan neglected to properly notify impacted patients of the incident. Becker’s Hospital Review notes that the settlement does not equal an admission of guilt on Magellan Health’s part.
American investment platform Robinhood suffered a data breach in 2020 that allowed intruders to take over customers’ accounts. Top Class Actions reports that Robinhood has reached a $20 million settlement to resolve claims that the company failed to employ security measures that could have prevented the breach, including neglecting to list a customer service phone number for users, forcing them to resort to email when inquiring about the issues with their accounts. In addition, despite pledging to cover 100% of all losses incurred by clients who experienced unauthorized activity, Robinhood allegedly denied some reimbursement requests without explanation. Each victim is eligible for an award of up to $260.
Today marks the last day that customers impacted in the 2019 data breach of US bank Capital One can claim a portion of the resulting $190 million settlement. CNET notes that the breach exposed the personal data of over 100 million individuals. Plaintiffs argued that Capital One “knew of the particular security vulnerabilities that permitted the data breach,” and had the bank employed the appropriate cybersecurity protocols, the intruder would not have been able to infiltrate its cloud computing systems undetected for four months. In a statement, Capital One said it agreed to the settlement “in the interest of avoiding the time, expense and uncertainty of continued litigation.”