Let’s take a look at a brief overview of data leaks from last week. In the spotlight: Sony Interactive Entertainment (Sony), MOVEit Transfer platform, Blackbaud, MGM Resorts, Prospect Medical Holdings Inc., Joshua Strandinger, Federal Trade Commission (FTC), Judicial Panel on Multidistrict Litigation, Progress Software Corp., T-Mobile, ConnectivitySource.
Sony Interactive Entertainment (Sony) recently informed its existing and past employees, along with their families, regarding a cybersecurity infringement that laid bare personal details. The disclosure, sent to approximately 6,800 individuals, verified the breach ensued following an unauthorized access exploiting a zero-day flaw in the MOVEit Transfer platform.
On a related note, Blackbaud, a fundraising software enterprise, has consented to a $49.5 million settlement to resolve allegations levied by the attorneys general from 49 states and Washington, D.C., emanating from a 2020 data breach. This incident compromised sensitive information belonging to 13,000 non-profit organizations.
MGM Resorts, a behemoth in the hotel and casino sector, disclosed that a recent cyber onslaught has led to a financial setback of $110 million owing to loss of revenue and expenses directed towards mitigation. The firm, listed on the stock exchange, anticipates reclaiming at least the financial losses and costs incurred till now through cyber insurance.
In another cybersecurity debacle, Prospect Medical Holdings Inc. faces a lawsuit over a data breach in July, which jeopardized the personal data of 190,000 individuals. A proposed federal class action, led by Joshua Strandinger, accuses Prospect—a health-care conglomerate managing 16 hospitals across five states—of neglecting to encrypt sensitive information, falling short on establishing reasonable data-security measures and policies, and overlooking the FTC’s data-security guidelines.
The repercussion of the MOVEit data breach has further led to the centralization of over 100 lawsuits in a federal court in Massachusetts, as decided by the Judicial Panel on Multidistrict Litigation. This cyber assault targeted Progress Software Corp.’s MOVEit file transfer application, underscoring the growing concerns around data security.
T-Mobile, too, has reportedly been hit by its third data breach within a year. However, the latest update clarifies that the breach did not impact T-Mobile directly, but rather an autonomous T-Mobile retailer named ConnectivitySource. According to T-Mobile, the leaked data “is related to an independently owned authorized retailer,” ensuring that no employee data from T-Mobile was exposed in this incident.