The Risk Report - April 22

It’s important to remember that a breach of your vendor—if it impacts your business—is ultimately a breach of your data, too. Data breaches are all too common these days for companies to simply rely on the InfoSec capabilities of their subprocessors. Stay vigilant, stay aware, and keep your customers from freaking out at the airport.

‍

BREACHES OF THE WEEK

💺 You're grounded

Sunwing Airlines, a Canadian low-cost airline, is scrambling through an outage of its passenger check-in and boarding system that has left many of its planes grounded for days on end. The cause of it all? A data breach against Airline Choice, one of Sunwing’s third-party vendors. With no passenger management system in place, the airline is having to manually check-in travelers. “It’s been delayed eight times,” said one traveler at Pearson International Airport in Toronto. “We’ve been shuffled to three hotels.” There is no timeline just yet of when this will all be resolved, but Airline Choice is working to resolve the incident.

Read the full story

🖥️ Healthcare...again

Adaptive Health Integrations (”AHI”), a rather mysterious North Dakota-based provider of healthcare software, has reported a breach of its systems that could impact up to 510,000 people. In its official statement, AHI explained that the breach was first identified in October of last year and that the threat was contained. No specific information was offered as to the types of personal information potentially accessed. AHI has reported the incident to the US Department of Health and Human Services and the Montana Attorney General’s office.

Read the full story

🥣 Bad oatmeal

Bob’s Red Mill, an Oregon-based manufacturer of oatmeal, granola, and other health foods, has announced that it learned of a “data scrape” attack against its systems between February 23rd and March 1st of this year. The company wrote in its letter to customers that malicious software was able to infiltrate its order platform and obtain customers’ personal information including credit card numbers. The first sign of the breach seems to have come from a customer who called in to report a fraudulent transaction on their card. Bob’s Red Mill says that the incident has been isolated and that the website is now fully secured.

Read the full story

‍

NOTEWORTHY THIS WEEK

🇺🇸 Team America

The U.S. Department of Commerce announced that it has teamed up with Canada, Japan, South Korea, the Philippines, Singapore, and Taipei with the establishment of the Global Cross Border Privacy Rules Forum (”CBPR”). This new organization seeks to establish a set of international data privacy certifications and standards to help companies stay compliant with international regulations and facilitate safe flows of data around the world.

Read the full story

🖋️ Almost there

Last week we reported on a proposed comprehensive consumer privacy bill in Connecticut that, if passed, would become the fifth of its kind in the United States. On Wednesday, Senate Bill 6 passed State Senate voting 35-0 with just 1 abstention for near-unanimous support. The bill now goes to the State House for one more round of voting before being brought to Governor Lamont for signing into law.

Read the full story

Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.