Phishing Attacks in NC and TX Expose 30,000 Patients’ PHI

Choice Health Management Services located in Claremont, NC, a rehabilitation services provider and owner of a number of assisted living facilities in South and North Carolina, has suffered an email security breach impacting its staff, and present and old patients.

Choice Health discovered the security breach at the end of 2019 when shady activity was seen in the email accounts of several of its staff. An internal investigation confirmed on January 17, 2020 the suspicious access of 17 workers’ email accounts. Considering that it was not feasible to find out which e-mails and/or file attachments the hackers had accessed, a third-party agency was called in to help with the investigation. Though the investigation was completed on March 27, 2020 saying that the exposed accounts stored sensitive data, it was unsure which locations the impacted people had been to for treatment. It was just on May 12, 2020 that those persons were matched to a specified facility.

The breached accounts comprised a big selection of sensitive data which include names, Social Security numbers,birth dates, passport numbers, driver’s license numbers, credit card details, financial account data, employer identification number, email address and password or connected security questions, username and password or linked security questions, provider name, date of service, patient number, medical record number, medical details, diagnostic or treatment data, surgical details, prescribed medicines, and/or medical insurance data.

Choice Health mailed notification letters to the impacted patients and made sure to strengthen security to avert later data breaches. Based on the HHS’ Office for Civil Rights breach website, there were 11,650 persons impacted.

Phishing Attack on Houston Health Clinic Affects 19,000 Patients

Legacy Community Health, a Houston, TX federally eligible health center, is informing around 19,000 patients concerning the probable unauthorized access of their protected health information (PHI) by an individual who acquired access to the email account of one staff.

On April 10, 2020, a staff answered an email assuming it is a valid request and exposed credentials that granted the hacker access to his/her email account. Legacy Community Health found out about the breach on April 16, 2020 and quickly protected the email account.

Helped by an independent computer forensics agency, Legacy Community Health established that the breach impacted just one email account that was uncovered to include names of patients, dates of service, and medical information linked to the care given at its clinics.

The breach investigation is in progress and notification letters will soon be mailed to all persons whose data were compromised. At this time, there is no proof uncovered that indicate the acquisition or improper use of any patient data.

Legacy Community Health is doing the steps to strengthen email security and has made it possible for multi-factor authentication on its email accounts. More training was additionally given to personnel to help them discern and stay clear of phishing emails.

Magellan Health Ransomware Impacts More Than 364,000 Individuals

The April 2020 ransomware attack on Magellan Health is now posted on the HHS’ Office for Civil Rights breach portal. There were 6 Magellan entities affected, which already reported the incident individually. Some other entities also sent in breach reports to verify the impact on their patients and subscribers.

It is too soon to state exactly how many people were affected by the ransomware attack, nevertheless as of July 1, 2020, the total is higher than 364,000. Thus, this breach incident is right now the third largest healthcare data breach that is reported in 2020. Some entities may have not reported the breach yet.

The entities that have confirmed being impacted by the breach are detailed in the following below.

  • Magellan Healthcare, Maryland – 50,410 individuals affected
  • Magellan Complete Care of Florida – 76,236 individuals affected
  • Magellan Rx Pharmacy – 33,040 individuals affected
  • Magellan Complete Care of Virginia – 3,568 individuals affected
  • Merit Health Insurance Company – 102,748 individuals affected
  • National Imaging Associate – 22,560 individuals affected
  • University of Florida Jacksonville – 54,002 individuals affected
  • University of Florida, Health Shands – 13,146 individuals affected
  • University of Florida – 9,182 individuals affected
  • Total individuals affected were 364,892

A lot of healthcare ransomware attacks that have been reported in the past weeks used brute force attacks on remote desktop services or exploited VPN vulnerabilities. But this ransomware attack is different as it used spear phishing email that impersonated a Magellan client. The attacker sent the spear phishing email on April 6 and deployed the ransomware less than one week later.

In the substitute breach notification letter of Magellan sent to the California Attorney General’s Office, it was mentioned that the attacker downloaded malware that was meant to take login credentials and passwords, and get access to one of Magellan’s corporate server and stole worker details. The attackers stole data associated with present workers and included the following details: Address, employee ID number, and W-2 or 1099 details that include Social Security number or Taxpayer ID number. For some employees, the attacker also got their usernames and passwords.

The notice of security incident posted on the Magellan Health websites confirms that Magellan Health patients and its subsidiaries and affiliates were likewise impacted. The following types of data were exposed: Treatment data, health insurance account details, member ID, other data related to health, phone numbers, email addresses, and physical addresses. Social Security numbers were also affected in particular instances.

On the June 12, 2020 website notice, there is no mention made whether there was a theft of protected health information (PHI) in the attack. In all incidents, Magellan Health states there is no evidence uncovered to date that suggests the misuse of any patient or personnel information.

Not Enough Visibility and Poor Access Management are Big Contributors to Cloud Data Breaches

More businesses today are working on their digital transformations and are using the versatility, scalability, and cost savings offered by public cloud spaces. However, the security of public clouds can pose a big challenge.

One of the primary issues that has hindered businesses from using the public cloud is security. Security teams frequently feel that securing an on-site data center is a lot easier than securing information in public clouds, though many are realizing it is also easy to secure public clouds.

Public cloud providers today give a variety of security tools that could help businesses protect their cloud spaces. Although these offerings could definitely make cloud security more straightforward, organizations must still make sure that their cloud services are configured properly, identities and access rights are properly managed, and they have total visibility into all of their cloud workloads.

Cloud security vendor Ermetic not long ago commissioned IDC to perform a survey of CISOs to look into the difficulties connected with cloud safety and see how companies were doing at protecting their public clouds. Over 300 CISOs and IT decision makers responded to the survey.

79% of survey respondents stated they had encountered a cloud data breach in the last 18 months. 43% of survey participants stated they had encountered 10+ cloud data breaches in the same period, firmly indicating the hard time companies are having when securing their public cloud environments.

When asked regarding the biggest security pitfalls, here are the results:

  • 67% stated they were worried about security misconfigurations
  • 64% stated not enough visibility into access configurations and activities was a crucial element contributing to cloud data breaches
  • 61% stated access management and permission errors were a big breach risk

The intricacy of public cloud environments makes security hard to deal with. The flexibility of the cloud implies it is simple to immediately have more options on demand, but what usually happens is cloud deployments turn into a maze of interconnected devices, users, programs, services, and containers. If companies do not have total visibility into their public cloud environments, it is hard to make certain of proper permissions and the principle of least privilege is properly applied.

Establishing and handling access policies is a big obstacle. Access policies must be altered regularly, yet 80% of survey respondents stated they couldn’t properly handle increased data access for IaaS and PaaS. Too Much permissions are typically abused by cybercriminals, who utilize them for various malicious activities like data theft, data deletion, and deploying malware or ransomware.

Ermetic explained that most high-profile cybersecurity occurrences in recent times were due to the failure of customers to correctly configure their cloud environments, or giving too much or incorrect access permissions to cloud services, instead of the cloud provider’ failure to perform its commitments.

Regarding questions on the main cloud security concerns, the survey result is as follows:

  • 78% of respondents stated compliance monitoring
  • 75% answered authorization and permission management
  • 73% stated security configuration management

71% of survey respondents answered one of the biggest issues was detection of excessive permissions, nevertheless, only 20% of respondents said they can identify circumstances when employees were given excessive permissions.

The survey verified that excessive permissions are a big issue in healthcare. 31.25% of healthcare companies stated they had determined a situation where employees were given excessive permissions.

There were a lot of cases where security misconfigurations caused the exposure of sensitive data, with misconfigured Elasticsearch cases and AWS S3 buckets a prevalent reason for data breaches, however it is likewise essential to make sure that identities and permissions are correctly managed.

Making sure that users, apps, and services get access only to the cloud information and cloud resources that are required for their valid purposes was reported as the greatest cloud data protection problem by respondents to the survey.

Software Error in Telehealth App Allowed Patients to Access Videos of Other Patients’ Consultations

A chatbot and telehealth startup company located in the UK has sustained an embarrassing privacy breach this week. Babylon Health made a telehealth application that general practitioners could utilize for virtual consultations with patients. The app permits users to make consultations with their physicians, make use of an AI-based chatbot for triage, and conduct voice and video meetings with their doctor by means of the app.

On June 9, 2020, a patient utilizing the app to get his prescribed medications saw the video clips of 50 patients’ consultation sessions in the archive area of the app. The files included video replays of meetings between patients and doctors, exposing private and, possibly, very sensitive data.

The patient shared the discovery on Twitter. Getting access to video appointments of patients in the application is an extensive data breach with more than 50 video clips.

Babylon Health gave a statement stating that the incident was because of a glitch in the applicatioin and not a malicious attack. Babylon Health mentioned that it found out about the error prior to the patient’s announcement of the data breach on Twitter and stated that the problem was fixed in several hours.

Based on the investigation, three patients got access to the video clips of other patients, nevertheless in two instances, the patients didn’t see any of the video footage. The glitch just occurred in the UK app version and did not impact its global operations. The glitch was introduced during the app udate to enable switching between video and audio while a patient is on a conference with a doctor.

Babylon Health already filed a report of the data breach to the UK Information Commissioner’s Office as ordered by the EU’s General Data Protection Regulation and will publish complete details concerning the data breach.

In this incident the software problem doesn’t seem to have compromised a lot of patients’ meetings, however it causes worry considering the highly sensitive health data compromised using the app. There are presently roughly 2.3 million application users in the United Kingdom, hence the breach can potentially grow a lot worse.

Telehealth services had a big expansion in the U.S. due to the COVID-19 pandemic. The HHS’ Centers for Medicare and Medicaid Services (CMS) increased coverage for reimbursable telehealth services throughout the COVID-19 pandemic and the HHS’ Office for Civil Rights (OCR) gave a notice of enforcement discretion for telehealth services, enabling healthcare organizations to employ communications solutions that might not be completely HIPAA compliant.

Given the growth in telehealth services, and the wide selection of apps being utilized to offer telehealth services, this may well be only the initial of a number of privacy breaches that involve telehealth services this 2020.

Although no financial penalties might be issued because of privacy and security concerns linked to the honest offering of telehealth services at this time of COVID_19 public health crisis, care must still be exercised whenever picking a telehealth service. A lot of video conferencing platforms were not created with adequate security protections to make sure patient information is appropriately secured, which puts patient privacy in jeopardy. As this occurrence shows, data leaks could transpire even with purpose-built health apps.

To make certain to secure patient privacy , every new technology must have security check. Now that the COVID-19 pandemic is more under control, it is the appropriate time to perform a check of any telehealth apps and other program which was introduced to make certain there are enough protections of patient data.

It is additionally worth noting the advice to switch to a HIPAA-compliant healthcare telehealth solution that has extensive data privacy and security controls. TigerTouch is a provider of telehealth solutions that enable healthcare organizations to quickly message with care team members and do telehealth consultations with patients from home using the same app. The solution follows all HIPAA requirements, integrates a lot of safety measures to make certain patient data is safe, and the platform permits the sharing of files, photos, and ePHI immediately and securely. View an on-demand webinar here to know more regarding the app.

Fake VPN Warnings Employed as Bait in Office 365 Information Phishing Campaign

A phishing campaign was known to use bogus VPN notifications as a bait so that remote personnel would disclose their Office 365 information.

Healthcare organizations are performing more telehealth services at this time of the COVID-19 public health crisis to help avoid the propagation of COVID-19 and make certain that healthcare companies can keep on providing services to patients while self-quaratining at home.

Virtual private networks (VPNs) are utilized to assist telehealth services and offer them safe access to their system and patient information. A few vulnerabilities were found in VPNs which hackers are taking advantage of to obtain access to company systems to steal sensitive files and install malware and ransomware. Immediate patching is hence crucial for VPN systems and install updates to VPN clients on worker laptops. Personnel may consequently get updates to their VPN.

Abnormal Security research specialists discovered a phishing campaign which impersonates a user’s corporation and remarks there is a situation with the VPN setting that have to be dealt with to let the user to go on using the VPN to get access to the system.

The email messages look like they were dispatched by the IT Support personnel and has a link that has to be clicked to set up an update. The end user is advised in the email message that they have to provide their username and security password to get access to execute the update.

This focus of the campaign are particular establishments and spoofs an internal email account to make it look like that the message came from a known domain. The link comes with anchor text linked to the user’s firm to disguise the right destination URL to make it look reputable. In case the end user clicks the url in the message, they are going to be sent to a web page having a real looking Office 365 sign in prompt. The phishing page is managed on a legit Microsoft .NET platform and so it has has a reasonable safety certification.

The attacker could grab the login information inputted on the web page and use it to acquire access to the person’semail account and get sensitive information in email messages and file attachments, including other information utilizing the Office 365 information via single sign-on.

Abnormal Security identified several phishing emails that make use of several versions of this communication, which were dispatched from various IP addresses. Given that the destination phishing link is identical in each email account, it indicates that the email messages are a section of a similar campaign delivered by just one attacker.

Russian Sandworm Hacking Group Exploits Exim Mail Servers

A Russian hacking group named Sandworm (Fancy Bear) is taking advantage of an Exim Mail Transfer Agent vulnerability, which is typically employed for Unix-based systems. The vulnerability, monitored as CVE-2019-10149, is a remote code execution vulnerability which was found in Exim version 4.87.

An update to resolve the vulnerability was made available on June 5, 2019, nevertheless numerous businesses still didn’t update Exim and stayed vulnerable to hackers.

The vulnerability could be taken advantage of by transmitting a uniquely made email which permits the completion of commands having root privileges. Subsequent to the flaw exploitation, an attacker could install software programs, execute code they pick, alter data, make new accounts, and possibly get access to saved information.

As per the latest National Security Agency (NSA) notification, Sandworm hackers exploit the vulnerability by means of adding a malicious code in an SMTP message’s MAIL FROM field. Attackers can exploit businesses by using insecure Exim versions which possess internet-facing mail transfer agents.

Following the vulnerability exploitation, the attackers obtain a shell script from a networked server and utilize it to create privileged users, change SSH settings to enable remote access, turn off network defense settings, and implement another script to enable further exploitation. This would likely permit the attackers to acquire total control of the email server. When that occurs, all inbound and outbound e-mail messages can be intercepted and exfiltrated.

Sandworm is one of Russia’s General Staff Main Intelligence Directorate, also identified as GRU. The hackers have formerly performed attacks on European and the United States nations. The group has carried out a few cyberattacks on foreign government authorities that are alleged to have affected Russia’s 2016 presidential election.

The NSA has advised mitigations to avert flaw exploitation. The most important advice is updating Exim to version 4.93 or a new release without delay. The update will resolve the CVE-2019-10149 vulnerability along with other vulnerabilities which hackers may likely exploit. After upgrading, administrators must be certain that software updates are checked on a regular basis and updated the instant new versions are available. Exim Mail Transfer Agent software could be updated using the Linux distribution’s package manager or straight from Exim.

When it isn’t possible to update quickly, it might be likely to spot and deter exploit efforts. For example, “Snort 3 rule 1-50356 warns about exploit attempts automatically for enlisted Snort Intrusion Detection System (IDS) users. Administrators need to also consistently confirm that there are no suspicious system changes for example added accounts and SSH keys. Alterations would point out a breach.

The NSA proposes reducing user access privileges whenever setting up public-facing mail transfer agents and system segmentation ought to be employed to differentiate functions and prerequisites. It is crucial to keep public mail transfer agents distinguished from sensitive internal resources in a DMZ enclave, and firewall rules must be set to stop unexpected traffic from being able to access trusted internal resources. It is additionally necessary to only allow mail transfer agents to transmit outgoing traffic to essential ports. All other ports need to be stopped up.

PHI Exposed Due to Geisinger Wyoming Valley Medical Center and District Medical Group Data Breaches

District Medical Group (DMG) in Arizona, which is an integrated medical group, has commenced informing 10,190 patients about the potential compromise of some of their protected health information (PHI). On March 11, 2020, DMG learned that an unauthorized man or woman had acquired access to the email accounts of a number of its employees after responding to phishing email messages.

DMG quickly carried out a password reset to stop the unauthorized person from accessing the accounts. A prominent cybersecurity agency was hired to check out the breach. The investigation confirmed the compromise of several email accounts between February 4, 2020 and February 10, 2020.

An evaluation of messages and file attachments in the breached email accounts confirmed they comprised patient details for instance names, medical information, medical record numbers, and health insurance data. The Social Security numbers of a limited number of patients were also potentially exposed. There is no evidence uncovered that implied the attackers accessed or copied the emails.

DMG advised the affected patients to be alert and keep an eye on their accounts and statements for any hint of fraudulent activity. As a safety precaution, the medical group offered complimentary credit monitoring and identity theft protection services to individuals who had their Social Security numbers listed in the accounts.

DMG has improved employee education and has taken action to boost email security to stop more breaches from now on.

HIPAA Newshipaanews

An Employee of Geisinger Wyoming Valley Medical Center Fired for Unauthorized Health Record Access

Geisinger Wyoming Valley Medical Center (GWVMC) in Wilkes-Barre, PA found out that an employee has long been accessing patient medical records with no valid work reason.

GWVMC was notified to the probable HIPAA breach on March 20, 2020 and initiated an internal inspection. The personnel was allowed to use patient data to accomplish everyday work tasks, nevertheless it was learned that the employee viewed the medical records of 805 patients beyond those work tasks. The unauthorized access commenced in July 2017 and kept on up to March 2020.

The investigation didn’t show any proof that imply the access of health data with malicious motive. As a safety precaution, GWVMC offered complimentary credit monitoring and identity theft protection services to the affected patients.

The employee viewed the following types of information: names, phone numbers, addresses, email addresses, dates of birth, Social Security numbers, medical disorders, diagnoses, prescribed medicines, visit notes, dates of service, test results, and appointment details.

GWVMC took suitable disciplinary measures against the worker for breaking HIPAA regulations and hospital policies. The staff is no longer working at GWVMC.

Study Reveals That Paying a Ransom Increases Two-fold the Expense of Recovery from a Ransomware Attack

Institutions that suffer a ransomware attack could be persuaded to pay the ransom to diminish downtime and costs on recovery, yet a Sophos survey shows institutions that pay the ransom in fact wind up expending far more than those that restore their files using backups.

The FBI doesn’t endorse paying a ransom since doing so gives threat actors funds to make it possible for them to carry out even more attacks on victims. In addition, there’s no assurance that the attackers will give legit keys for decrypting information. The higher cost may now be another point added to the checklist of reasons for not paying.

The market research agency Vanson Bourne performed the survey between January and February 2020 on roughly 5,000 IT decision makers at firms with 100 to 5,000 personnel all across 26 countries among them are Canada, the United Kingdom and the United States.

51% of the surveyed people mentioned they had suffered a ransomware attack in the past 12 months, 73% reported that the attack resulted in data encryption. 26% of the attacked establishments paid off the ransom and 73% did not pay. 56% of organizations mentioned they had recovered their files from backups. Out of the organizations that settled the ransom, 95% reported they had retrieved their information. 1% of organizations that paid the ransom demand mentioned they did not retrieve their data.

84% of companies mentioned they acquired a cyber insurance policy, nevertheless only 64% stated that policy dealt with ransomware attacks. Of the 64% that got insurance protection for ransomware attacks, 94% claimed the insurance firm paid the ransom.

Ransomware attack victims were instructed to provide an approximate cost of the attack, as well as downtime, employees costs, devices costs, lost revenue, and other linked costs. The average cost in the event where the organization did not pay the ransom was $732,520. The cost spent by businesses that paid the ransom was close to twice that amount – $1,448,458.

The ransom payment ought to be covered, which is usually large, and a lot of the expenses linked with an attack need to be covered even when the ransom is paid off. It may well be an enticing solution to pay the ransom in order to be able to recover quicker, nevertheless the fact is recovery may well not be reduced significantly even when paying the ransom. Ofttimes a separate decryption key is needed per endpoint therefore recovery will still be an unbelievably time consuming activity, which might not be easy. It is additionally not unheard of for data to be corrupted during the encryption and decryption.

The take-home principle is to be sure that you have the choice of retrieving files using backups, which means making sure a number of backups are prepared with one copy kept on an air-gapped device. Backups need to be tested also to be sure that data wasn’t corrupted and it’s possible to get back the file. You should then abide by the FBI’s instructions and not pay the ransom unless of course, you have no other solution.

Nigerian BEC Scammers Focus Attacks on Government Healthcare Agencies and COVID-19 Research Organizations

Business email compromise attackers from Nigeria were discovered targeting COVID-19 research bodies, pandemic response services and government healthcare institutions to obtain bogus wire transfer payments as well as install malware.

The Unit 42 team researchers of Palo Alto Networks identified the attacks connected to a cybercriminal group named SilverTerrier. SilverTerrier threat actors were extremely active particularly last year. Since 2014, the group had conducted around 2.1 million BEC attacks. Last year, SilverTerrier carried out 92,739 attacks every month. June had the highest activities with 245,637 attacks.

The group was identified exploiting vulnerability CVE-2017-11882 in Microsoft Office along with malware installation, though most often the group uses spear phishing emails to pin individuals from the finance department. Using standard phishing baits such as phony invoices and notice of payment advice, recipients are fooled into opening malicious email attachments that trigger malware installation. SilverTerrier utilizes several variants of malware including information stealers (PredatorPain, Lokibot, and Pony) and remote administration tools to preserve persistent access to breached systems. The gang uses malware for theft of sensitive information and access to payroll systems and bank accounts. BEC attacks are likewise done to get fraudulent wire transfer payments.

Unit 42 researchers have observed three of the group’s threat actors in the past 3 months so they know who performed the 10 COVID-19 related malware campaigns on healthcare organizations responding to COVID-19 cases in Italy, Australia, Canada, the U.S and the U.K.

The most current targets were local and regional governments, government medical organizations, insurance companies, research companies, medical publishing businesses, and universities with medical courses and medical facilities. The researchers tracked 170 unique phishing emails, including some that were tied up with personal protective equipment and face masks supplies.

According to Palo Alto Networks, 2019 had 172% more SilverTerrier attacks and the attacks will probably not decrease in 2020. Consequently, government agencies, public utility providers, medical and insurance providers, and universities with medical courses must be more careful with COVID-19-related email messages with attached files. Since the attacks are generally carried out through email, the top security measure is the training of employees to know which are spear-phishing emails. Then, an advanced spam filtering software must be used to prevent the receipt of spam in inboxes. It is also important to monitor for CVE-2017-11882 Microsoft Office vulnerability and employ patches right away.

Shareholder Files a Lawsuit Against LabCorp to Get Back Losses Because of Data Breaches

A shareholder of LabCorp is filing a lawsuit against the company and its management and directors for the loss in share value that was a result of two cyberattacks encountered by the LapCorp in the last year.

LabCorp was terribly impacted by the data breach that occurred in 2019 involving American Medical Collection Agency (AMCA), a medical debt collection firm. The hackers who accessed AMCA’s systems acquired the information of 10,251,784 patients who availed LabCorp’s services. The breach affected about 24 of AMCA’s customers.

TechCrunch reported another LabCorp data breach in January 2020 which affected about 10,000 LabCorp records, which the legal action claims was not disclosed to the public by AMCA nor stated in any SEC submissions. The breach was caused by a site misconfiguration and made it possible for the records to be accessible to any individual. The breach was likewise not submitted to the HHS’ Office for Civil Rights, though TechCrunch researchers affirmed that the files were comprised of patient information.

Raymond Eugenio owns shares in LabCorp that lost value because of the data breaches and filed the legal case on April 23, 2020 to retrieve those and other lost profits. As per the lawsuit, the defendants are LabCorp including 12 of the firm’s directors and executives, which include LabCorp Director Adam Schechter, CIO Lance Berberian and CFO Glenn Eisenberg.

The lawsuit states that before to the AMCA data breach and afterwards, LabCorp didn’t use proper cybersecurity measures and had no enough supervision of cybersecurity, which directly caused the two breaches.

In a filing with the SEC, LabCorp stated the company expended $11.5 million for the AMCA data breach in 2019 as well as remediation expenses, nevertheless, the lawsuit states that the number is merely a portion of the overall losses and doesn’t include the value of litigation that ensued. A few class-action lawsuits were submitted by the AMCA data breach victims that identified LabCorp and so the shareholders have no knowledge about the overall lost values. The legal case likewise says that the second breach hasn’t been verified publicly or in SEC filings. Consequently, Eugenio states that LabCorp was unsuccessful in its duty to its shareholders and failed in its duties of commitment, health care, and good faith.

The lawsuit states LabCorp

  • didn’t execute useful internal guidelines, measures, and controls to secure patient info,
  • there was not enough oversight of state and federal rules compliance and its internal guidelines and processes
  • was unable to have enough data breach response package set up
  • PHI was given to AMCA with no guarantee the company had adequate cybersecurity controls in position, LabCorp didn’t make certain that the persons and entities impacted by the breach were discovered promptly, and that the organization didn’t make sufficient public disclosures concerning the data breaches.

The legal action wishes to get refund for harm endured because of the breaches and public acceptance of the January 2020 breach. The lawsuit furthermore demands a change of corporate governance and internal processes and calls for a board-level committee to be established and the designation of an executive officer to make certain enough monitoring of information security.