Analysis, Data, Insurance and Security - Information Management Today

Mitigating the impact of climate change in insurance and other financial services

IBM Big Data Hub

MARCH 25, 2024

According to Berenberg analysts , individual insurance companies faced total claims estimates of up to approximately USD 300 million. For other financial services firms outside of the insurance sector, property accepted as loan security might face climate-related risks as well.

Financial Services

Financial Services Insurance Risk Agriculture

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Security Affairs

APRIL 8, 2024

Greylock McKinnon Associates, a service provider for the Department of Justice, suffered a data breach that exposed data of 341650 people. GMA disclosed a data breach that impacted medicare and other information belonging to 5465 people. The data breach occurred on May 30, 2023, and was discovered on February 7, 2024.

Data breaches

Data breaches Insurance Cybersecurity Government

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. All data is confidential, contains trade secrets. -

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

The risks and limitations of AI in insurance

IBM Big Data Hub

MAY 8, 2023

In my previous post , I described the different capabilities of both discriminative and generative AI, and sketched a world of opportunities where AI changes the way that insurers and insured would interact. Technological risk—data confidentiality The chief technological risk is the matter of data confidentiality.

Insurance

Insurance Risk Artificial Intelligence Government

Analysis: Did Anthem's Security 'Certification' Have Value?

Data Breach Today

OCTOBER 23, 2018

Insurer Was Certified as HITRUST CSF Compliant Before Its Mega-Breach Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach.

Insurance

Insurance Security IT

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

KnowBe4

DECEMBER 30, 2022

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.

Insurance

Insurance Data breaches Security awareness Security

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

JULY 21, 2023

But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. This is actually down from five of the Fortune 100 in 2018, the last time KrebsOnSecurity performed this analysis.

Security

Security Risk Insurance Cybersecurity

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019.

Insurance

Insurance Financial Services Mining Access

Is Trickbot Botnet Making a Comeback?

Data Breach Today

JANUARY 30, 2021

Researchers: Phishing Campaign Targeting Insurance and Legal Industries Trickbot appears to be making a comeback with a fresh campaign that is targeting insurance companies and legal firms in North America, according to an analysis by Menlo Security.

Insurance

Insurance Phishing Security

Crypto Bug Uncovers 'WannaCry 2.0' Clues

Data Breach Today

OCTOBER 1, 2021

The latest edition of the ISMG Security Report features an analysis of how a cryptocurrency exchange bug has revealed North Korean Monero laundering. Also featured are cyber insurance trends and cybercrime innovation.

Insurance

Insurance Security

VF Corp December data breach impacts 35 million customers

Security Affairs

JANUARY 19, 2024

American global apparel and footwear company VF Corp revealed that the December data breach impacted 35.5 VF immediately began taking measures to remediate the attack and launched an investigation into the security breach. ” reads a Form 8-K filed with the Securities and Exchange Commission (SEC) on January 18, 2024.

Data breaches

Data breaches Passwords Retail Insurance

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks City of Philadelphia discloses data breach after five months Date of breach: 24 May 2023 ( notice issued 20 October 2023).

Data Privacy

Data Privacy Privacy Security Data breaches

Lloyd’s Will No Longer Include Nation-State Attacks in its Cyber Insurance Policies

IT Governance

AUGUST 25, 2022

Lloyd’s of London has announced that its insurance policies will no longer cover losses resulting from certain nation-state cyber attacks or acts of war. In a memo sent to the organisation’s insurance syndicates , Underwriting Director Tony Chaudhry said that Lloyd’s remains “strongly supportive” of policies that cover cyber attacks.

Insurance

Insurance IT Government Risk

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. When MOVEit was hacked by the Russian Cl0p ransomware gang in May, email addresses and links to government employee surveys were compromised.

Data Privacy

Data Privacy Privacy Libraries Security

The business value of operating core insurance solutions on the cloud

IBM Big Data Hub

JUNE 23, 2023

Although interest rates have increased at an unprecedented rate over the past year due to efforts by central banks to curb inflation, insurers are locked into low-yielding investments, and it will take several years for their investment yields to improve. Core modernization (processes and technology) is a top priority for every insurer.

Insurance

Insurance Cloud Digital transformation Customer Experience

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data included shoppers’ names, email addresses, phone numbers, countries of residence and membership numbers.

Data Privacy

Data Privacy Privacy Security Data breaches

Analysis: Report on China Attacking Mobile Devices

Data Breach Today

SEPTEMBER 6, 2019

This week's ISMG Security Report takes a close look at whether an iPhone hacking campaign may be linked to Android spying campaigns by China. Plus: Do ransomware gangs target organizations that have cyber insurance?

Insurance

Insurance Ransomware Security

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight Hathaway breached, 41.5 The compromised data allegedly includes names, email addresses and phone numbers.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Security Affairs

NOVEMBER 23, 2023

American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack. AutoZone disclosed a data breach resulting from the hack of their MOVEit Transfer installation. Based on that analysis, we have determined that certain of your information was included in those files.”

Data breaches

Data breaches Retail Education Ransomware

Global Data Breaches and Cyber Attacks in December 2023 – 2,241,916,765 Records Breached

IT Governance

JANUARY 5, 2024

IT Governance’s research found the following for December 2023: 1,351 publicly disclosed security incidents. For instance, a two-month Europol action (revealed to the public on 22 December) discovered that 443 organisations had suffered data breaches – specifically, their customers’ payment card data had been compromised.

Data breaches

Data breaches Insurance Manufacturing Ransomware

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

JUNE 2, 2022

Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk. It does this by ingesting and correlating data from a wide array of security-related datasets.

Security

Security Risk Digital transformation Cybersecurity

Data Breaches and Cyber Attacks in October 2023 – 867,072,315 Records Breached

IT Governance

NOVEMBER 3, 2023

IT Governance’s research has discovered the following for October 2023: 114 publicly disclosed security incidents. Introducing our Data Breach Dashboard We’re excited to introduce our new monthly Data Breach Dashboard – a one-page overview of this month’s key findings that you can download for free.

Data breaches

Data breaches Insurance Ransomware Education

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Financial information, medical data, health reimbursements, postal addresses, telephone numbers and emails are not thought to have been compromised.

Data Privacy

Data Privacy Manufacturing Privacy Security

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Data breached: 2.7 Date breached: 384,658,212 records.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Security Affairs

AUGUST 19, 2019

A study conducted by researchers at Cyjax revealed that organizations expose sensitive data via sandboxes used for malware analysis. Experts at the threat intelligence firm Cyjax analyzed file uploaded by organizations via malware analysis sandboxes and discovered that they were exposing sensitive data.

Military

Military Insurance Education Phishing

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. The experts detected 8.3

Insurance

Insurance Data breaches Financial Services Passwords

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Hunton Privacy

FEBRUARY 29, 2024

It filed a breach report with OCR in February 2019, which then investigated the organization’s data practices starting in December 2019. Develop an enterprise-wide Risk Management Plan to address any risks and vulnerabilities identified, which is to be provided to HHS for review within 90 days of HHS approval of the risk analysis.

Ransomware

Ransomware Personal data Risk Privacy

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

Effective October 1, 2021, an amendment [1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. Provides certain exemptions from public disclosure for materials provided to the state in response to an investigation of a breach of security.

Data breaches

Data breaches IT Insurance Passwords

Cryptocurrency Exchange Bug Reveals 'WannaCry 2.0' Clues

Data Breach Today

OCTOBER 4, 2021

The latest edition of the ISMG Security Report features an analysis of how a cryptocurrency exchange bug has revealed North Korean monero laundering. Also featured are cyber insurance trends and cybercrime innovation.

Insurance

Insurance Security

How to make sure your cyber insurance policy pays out

IT Governance

JULY 15, 2019

Cyber insurance is big business these days. With the ever-present danger of data breaches and cyber attacks, organisations must be sure that they have the financial backing to respond appropriately. Most policies include provisions requiring organisations to follow certain information security best practices.

Insurance

Insurance Data breaches Risk Information Security

Australian Privacy Regulator Sues in Data Breach Case

Hunton Privacy

NOVEMBER 15, 2023

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty ( i.e. , a fine) in connection with the company’s response to a data breach that occurred in February 2022.

Data breaches

Data breaches Privacy Risk Information Security

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. sought coverage for expenses under its property insurance policy.

Insurance

Insurance Cybersecurity Risk Education

What Is Information Security Management?

IT Governance

FEBRUARY 22, 2022

Information security management is a way of protecting an organisation’s sensitive data from threats and vulnerabilities. The process is typically embedded via an ISMS (information security management system) , which provides the framework for managing information security. Benefits of information security management.

Information Security

Information Security Security Data breaches Risk

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

The threat actor systematically utilized software distributed by security vendors to sideload ShadowPad and PlugX variants.” ” reads the analysis published by SentinelOne. The attackers focused on the hijacking of programs belonging to security vendors, including Symantec, TrendMicro, BitDefender, McAfee and Kaspersky.

Security

Security Military Insurance Cybersecurity

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

IT Governance

NOVEMBER 20, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. According to OPB, the district didn’t provide details, but said that “our student credentials may have been compromised as part of a security incident”.

Data Privacy

Data Privacy Privacy Data breaches Security

German IT provider Bitmarck hit by cyberattack

Security Affairs

MAY 1, 2023

Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack. The incident impacted statutory health insurance companies that have their IT operated by BITMARCK. ” reads the announcement published by the company.

IT

IT Insurance Data breaches Education

Data Breach: Turkish legal advising company exposed over 15,000 clients

Security Affairs

FEBRUARY 26, 2021

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. Inova is an actuarial consultancy company, which means they compile statistical analysis and calculate insurance risks and premiums. What’s Going On?

Data breaches

Data breaches Insurance Paper Access

The Week in Cyber Security and Data Privacy: 23–29 October 2023

IT Governance

OCTOBER 31, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data has been exfiltrated, but we don’t know how much. The data controller of the breached data is currently unclear. Records breached: Unknown.

Data Privacy

Data Privacy Privacy Data breaches Security

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. See Indiana v. Informatics Eng’g, Inc. , 3:18-cv-00969 (N.D.

Data breaches

Data breaches Computer and Electronics Security Insurance

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

IT Governance

NOVEMBER 28, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Over 56 million sensitive records leaked by TmaxSoft TmaxSoft, an IT company in South Korea, has exposed 2 TB of data to the Internet via a Kibana dashboard for over two years.

Data Privacy

Data Privacy Privacy Energy and Utilities Data breaches

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

IT Governance

DECEMBER 5, 2023

IT Governance’s research has found the following for November 2023: 470 publicly disclosed security incidents. Data Breach Dashboard For a quick, one-page overview of this month’s findings, please use our Data Breach Dashboard: Note: From this month, zero-day vulnerabilities are excluded from the ‘unpatched or misconfigured’ category.

Data breaches

Data breaches Ransomware Access Security

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. In recent years, costly breaches and evolving data security concerns have bubbled up to a board level agenda item.

Data Privacy

Data Privacy Privacy Security Encryption

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Krebs on Security

JUNE 4, 2019

said today personal and financial data on some 7.7 That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients. million patients.

Insurance

Insurance Data Privacy Access Security

Mitigating the impact of climate change in insurance and other financial services

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Webinars

Trending Sources

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Webinars

The risks and limitations of AI in insurance

Analysis: Did Anthem's Security 'Certification' Have Value?

Security Compliance & Data Privacy Regulations

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

NY Charges First American Financial for Massive Data Leak

Is Trickbot Botnet Making a Comeback?

Crypto Bug Uncovers 'WannaCry 2.0' Clues

VF Corp December data breach impacts 35 million customers

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Lloyd’s Will No Longer Include Nation-State Attacks in its Cyber Insurance Policies

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

The business value of operating core insurance solutions on the cloud

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Analysis: Report on China Attacking Mobile Devices

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Global Data Breaches and Cyber Attacks in December 2023 – 2,241,916,765 Records Breached

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

Data Breaches and Cyber Attacks in October 2023 – 867,072,315 Records Breached

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

American Insurance firm State Farm victim of credential stuffing attacks

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Connecticut Tightens its Data Breach Notification Laws

Cryptocurrency Exchange Bug Reveals 'WannaCry 2.0' Clues

How to make sure your cyber insurance policy pays out

Australian Privacy Regulator Sues in Data Breach Case

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

What Is Information Security Management?

China-linked Moshen Dragon abuses security software to sideload malware

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

German IT provider Bitmarck hit by cyberattack

Data Breach: Turkish legal advising company exposed over 15,000 clients

The Week in Cyber Security and Data Privacy: 23–29 October 2023

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Stay Connected