The Rippleshot Data Breach Blog

Data Breach Ripples: Week of March 20

Written by Zach Walker | Mar 20, 2015 6:30:00 PM

 

In this week's issue: another health care provider has suffered a data breach, Target is looking to settle its 2013 data breach lawsuit, a recent Verizon report indicated that nearly half of all American consumers have been affected by a data breach, Uber discloses information regarding its driver-related data breach and in this week's Rippleshot blog post, we take a look at the fraudulent spending related to cards used on Apple Pay.

Premera Blue Cross Breach Exposes Financial, Medical Records

Earlier this week, Premera Blue Cross announced that they had been the victim of a data breach, compromising the financial and medical records of 11 million customers. The health care provider set up a web site to provide additional information about the data breach. According to Premera, an investigation into their IT systems revealed that a data breach had occurred on May 5, 2014. It is worth noting that Premera notified the Federal Bureau of Investigations and is working with FBI during the bureau’s investigation.

The company first learned of the data breach on January 29, 2015, affecting Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska and the company’s affiliate brands, Vivacity and Connexion Insurance Solutions, Inc. For the 11 million affected by the data breach, Premera is in the process of notifying those affected and offering two years of free credit monitoring and identity protection services to those affected.

Target Will Pay $10 million To Settle Lawsuit From Data Breach 

Following the class-action lawsuits originally filed against Target after the 2013 massive data breach, the retailer has agreed to pay $10 million in damages to settle its lawsuit. With the U.S. federal court’s approval, Target will deposit the said amount into an interest bearing escrow account in order to pay each affected victim up to $10,000 in damages.

In the proposal, Target will have to create and implement additional data security measures such as maintaining a written information security program and continuing to utilize the company’s first Chief Information Security Officer (CISO).

Data Breaches Hit Half of America: Verizon Report 

In Verizon's 2015 PCI Compliance Report, 45% of all American consumers reported that their personal payment information or that of a household member’s was exposed due to data breaches. This year’s report suggested that until financial institutions begin implementing Chip and PIN (EMV) payment cards, fraud related issues would continue to increase due to data breaches.

For an in-depth look into the Verizon 2015 PCI Compliance Report, you can download a copy here.

Uber Discloses Information on Data Breach 

Late in February, Uber released a statement that an unauthorized third party gained access to Uber’s database exposing the personal information of 50,000 of its current and former drivers. According to the company, the data breach occurred on May 13, 2014 and was not discovered until several months later on September 17, 2014.

Uber has been in the spotlight recently due to the fact that it took the company roughly 5 months to notice a network intrusion, especially after receiving an external privacy audit after a reviewing the company’s security protocols.

Rippleshot Content: Apple Pay And Fraud, Where Is It Happening and How Can We Stop It?

In the Data Breach Ripples for the week of March 06, we briefly covered recent reports that a spike in fraud was being spotted on Apple Pay’s platform. For this week’s Rippleshot blog post, we take an in-depth look at the problem occurring with payment cards associated with Apple Pay and the fraud-related charges. Apple continues to promote its mobile payments system, looking to increase its user base after a less than expected adoption rate.

 

Thanks for reading this week’s newsletter. If you missed the last Data Breach Ripples email or want to share these with friends or colleagues, click HERE!