Notepad: Risk in Review – March 2020

This post first appeared on Risk Management Magazine. Read the original article.

Coronavirus Infects
Tens of Thousands Worldwide

The novel coronavirus 2019-nCoV, which the World Health
Organization (WHO) formally declared a global health emergency in late January,
continues to spread throughout China and other countries. The virus has claimed
more victims than the SARS outbreak in 2003 and is impacting business
operations and supply chains around the world. As of February 13, the virus had
killed more than 1,300 people, including two outside mainland China, and
infected more than 60,000 in 28 countries and territories. In addition to the
cancellation of major public events in China, many international businesses
have curtailed operations in the country, instructed employees to work from
home, and restricted employee travel to and from China to limit exposure as the
virus spreads. The U.S. government suspended entry into the country for
non-citizens who had travelled in China in the past 14 days (the incubation
period of the virus) and said that Americans who had visited the Hubei province
where the virus was first identified could be quarantined for up two weeks. The
CDC officially recommended avoiding all non-essential travel to China, and the
U.S. State Department has asked people not to travel to China at all.

Facebook to Pay $550
Million for Facial Recognition Violation

Facebook will create a $550 million fund to compensate users
in Illinois to settle a 2015 lawsuit alleging that the company violated the
state’s Biometric Information Privacy Act (BIPA) by storing facial data to
automatically tag users in pictures. The feature, called “Tag Suggestions,”
initially tagged faces by default, but Facebook switched it to opt-in last
year. Enacted in 2008, Illinois’s BIPA prescribes a $1,000 fine for any
violation, which can increase to $5,000 per violation if a company willfully
neglected the law. The settlement will likely break down to hundreds of dollars
per plaintiff once the deal is finalized, depending on how many Illinois
Facebook users are included. In 2012, the company deactivated the feature in
Europe after regulators questioned how it stored user data and how users could
provide consent.

Huawei Sues Verizon for
Patent Violations

In February, Huawei filed two lawsuits against Verizon in
U.S. district court for allegedly using a dozen of Huawei’s networking
technology patents without permission or licensing. After licensing
negotiations between the companies broke down in early 2019, the Chinese
telecom giant claims that Verizon used its patents for its FiOS services and
network infrastructure, and reaped profits from these patents totaling $29.8
billion. It is unclear how much the lawsuits are seeking in damages. A Verizon
spokesperson said that the lawsuits had no merit and were “nothing more than a
PR stunt.” Huawei made similar claims last June, alleging that Verizon used 238
Huawei patents without permission, and the New York Times estimated that
those claims could total more than $1 billion in fines.

Wawa Breach exposes 30
Million Records

In December, convenience store chain Wawa alerted customers
to a data breach that compromised payment card details from its 850 East Coast
locations. The company warned customers who used payment cards at stores
between March 4 and December 10, 2019, to register for identity protection
services and review their accounts for suspicious activity. Wawa stated that
the breached records included card numbers, expiration dates and customer
names, but not PINs or CVV numbers. In late January, a post on the dark web
marketplace Joker’s Stash advertised for sale a database containing payment
card information for 30 million accounts that cybersecurity researchers say
match the Wawa breach. The number of cards being sold makes it the
third-largest payment card breach in history, behind only the 2013 Target
breach and the 2014 Home Depot breach, which exposed 40 million and 50 million
customer records, respectively.

Wineries Sue
Insurers Over Wildfire Smoke-Tainted Wine

Two California
wineries recently filed suit against their insurers for refusing to pay claims
for wines damaged by smoke from the 2017 California wildfires. Vintage Wine
Estates is seeking $12 million from Certain Underwriters at Lloyd’s of London,
Royal & Sun Alliance Insurance PLC, and four others, while Kunde Family is
suing National Surety Corporation and its parent company, Allianz, for $7
million. With the 2017 vintages now being released, the winemakers claim that
“smoke taint” from wildfires has rendered the wines undrinkable, resulting in
losses that should be covered under existing insurance policies. The insurers
have countered that the ­policies do not apply to grapes that were damaged
while still on the vine. Last year, Levensohn Vineyards also sued its insurer
for $1.14 million over wildfire smoke damage, while Westside Winery filed suit
against a New York distributor for refusing to accept a shipment of wines it
believed were similarly tainted. Meanwhile, Australian winemakers have begun
conducting lab tests to determine the extent of the damage the country’s
current fires will have on local grape crops.

Microsoft Ends
Support for Windows 7

On January 14, Microsoft ceased providing support for its
Windows 7 operating system, recommending users upgrade to Windows 10 to receive
technical support and security updates. At the time, 11 years after its debut,
Windows 7 still accounted for one-quarter of the Windows desktop market share.
With support ending, millions of PCs are at greater risk for viruses, malware
and other cyberattacks if they are not updated. Although Microsoft had been
winding down support for Windows 7 since 2015, many enterprises had still not updated
their systems—for example, nearly 500,000 computers used by the U.K.’s National
Health Service were still using the operating system in January. Microsoft
offered businesses the option of paying for extended security updates for
Windows 7 until 2023, but fees are as much as $50 per machine and will double
each year. Ireland’s Health Service Executive said that it would be paying €1.1
million ($1.2 million) to extend support for 46,000 devices still running
Windows 7, while the German government will pay €800,000 ($880,000) for 33,000
workstations. Microsoft will provide free Windows 7 security updates for
federally-certified voting machines through the 2020 U.S. elections, however.

Leave a Reply

Your email address will not be published. Required fields are marked *