Auto Insurers to Pay $11M+ to N.Y. State After Cyber Attack
Two auto insurance companies will pay over $11 million to New York after data from over 120,000 New York customers was leaked in a November 2020 cyber attack that allowed hackers to exploit the state’s unemployment system. Government Technology reports: Both GEICO and Travelers, major national insurance companies, will pay penalties for their poor data […]
Change Healthcare Ransomware Attack Cost to Rise to $2.87bn in 2024
The Change Healthcare ransomware attack that was first disclosed in February 2024 continues to cause problems and make headlines. HIPAA Journal reports on the financial impact: The cost of the Change Healthcare ransomware attack has risen to $2.457 billion, according to UnitedHealth Group’s Q3, 2024 earnings report. Revenues in the third quarter increased by 9% year-over-year […]
Insurance giant Globe Life facing extortion attempts after data theft from subsidiary
The Record reports: Insurance firm Globe Life is being extorted by hackers after data on more than 5,000 people was stolen from a subsidiary. The company told regulators at the U.S. Securities and Exchange Commission (SEC) that it reported the incident to federal law enforcement. “Based on the Company’s investigation to date, which remains ongoing, the Company […]
Can cyberinsurers or reinsurers justifiably refuse to reimburse victims for ransom payments to those on the U.S. sanctioned list?
If your company is the victim of a ransomware attack and you decide you have no choice but to pay the threat actors, can your cyberinsurer or cyberinsurance reinsurer decline to reimburse you if the threat actors you paid are on Treasury’s sanctioned list? Would reimbursing them expose the cyberinsurer or reinsurer to problems with […]
Data and Privacy Breaches Fuel Cyber Insurance Claims Surge
Risk & Insurance reports: Cyber insurance claims, particularly those related to data and privacy breaches, have seen a significant increase in the first half of 2024, with the U.S. accounting for 72% of large claims in H1 2024, according to Allianz Commercial’s annual cyber risk outlook. The frequency of large cyber claims — those in […]
Scattered Spider Hackers Now Targeting Financial Sector
Threat actors known as Scattered Spider are reportedly turning their attention to the financial sector, hitting banks and insurance groups. Resilience Cyber Insurance Solutions, which has been tracking the group, reports they have targeted 29 companies since April 20. Scattered Spider is the group that was previously linked to disrupting casinos and hotels such as MGM […]
First Financial Security, Inc. notifies 105,764 people of October ransomware attack
On October 17, 2023, First Financial Security, Inc. (“FFS”_ was the victim of a ransomware attack. The Georgia insurance agency recently notified those affected by the incident that the attack appeared to be an attempt to access and lock all data, including both sensitive and non-sensitive data. “Thankfully, the ransomware attack was not successful in […]
DFS Announces $1 Million Cybersecurity Settlement With First American Title Insurance Company
On November 28, the New York State Department of Financial Services (DFS) issued a press release about a settlement stemming from a 2019 data breach: The New York State Department of Financial Services (DFS) today announced that First American Title Insurance Company (First American) will pay a $1 million penalty to New York State for […]
Do you know what your cyber policy covers? (Southwest Airlines v. Liberty Insurance Underwriters)
An article by attorneys at Barnes & Thornburg LLP discusses a court case that serves as a useful reminder of how provisions of cyber policies may be interpreted when it comes to coverage of cyber-related incidents — even when those incidents are not data breaches. In 2016, Southwest Airlines suffered a computer system failure that […]