Ontario: Two gamblers spearhead class action against casino over hacking of private data

By Colin Perkel

THE CANADIAN PRESS

TORONTO _ Two gamblers who allege their privacy was breached are spearheading a proposed class action against an Ontario casino whose databases were hacked.

In a notice of action, they also alleged Monday that Casino Rama, north of Toronto, unjustly enriched itself at the expense of the claimants.

In the allegations contained in the notice, Leonid Kaplan, of Barrie, Ont., says he provided casino staff with copies of his driver’s licence and credit card when he went there to gamble in September.

Kaplan says he received an email by the CEO of Casino Rama, John Drake, on November 10 with the subject line: “Unauthorized Access to Personal Information.”

The email stated that the organization had been the “victim of a cyberattack that resulted in the theft of past and present patron, employee and vendor information.”

The casino publicly confirmed the attack last week but did not say exactly when it occurred or over what period.

The other proposed representative plaintiff, Cheryl Mizzi, of Stouffville, Ont., says she and her husband regularly went to Casino Rama starting in 1999. They last visited in 2015. She, too, provided various forms of identification.

Neither proposed plaintiff have said what losses, if any, they incurred as a result of the privacy breach.

The lawsuit also names Ontario’s gaming commission, the Penn National Gaming and its Ontario subsidiary, which run the casino, and the Chippewas of Rama First Nation where the facility is located.

The suit, which has yet to be certified as a class action or tested in court, seeks $50 million in damages as well as another $10 million in punitive damages.

Lawyer Ted Charney said Monday the “unjust enrichment” claim arises from the casino generating revenues from gambling when customers thought reasonable security measures were in place to protect privacy.

“The casino elected not to invest in adequate staff and technology while collecting gambling revenues, promising to provide adequate security measures,” Charney said.

The suit also alleges the defendants breached contracts and violated consumer laws.

A Casino Rama spokeswoman did not address the allegations, but said Monday the organization was working with the authorities on the ongoing investigation.

“We are limited in how much detail we can provide,” Jenna Hunter said. “We deeply regret this situation and recognize the seriousness of the issue.”

Casino Rama Resort warned its customers, vendors as well as current and former staff last Thursday to keep an eye on their bank accounts, credit cards and other financial information.

The casino said it had “recently” discovered becoming the victim of a cyberattack that resulted in the large-scale data theft.

Stolen data appeared to include internal financial and security-incident reports, emails, payroll data, client information, social insurance numbers, and dates of birth, according to the casino.

“The hacker claims that the employee information dates from 2004 to 2016, and that some of the other categories of information taken date back to 2007,” the casino said in a statement.

The resort, which has 2,500 slot machines and more than 110 gaming tables, said the games themselves weren’t hacked.

Located on Rama First Nation, the casino opened 20 years ago.

CP3

Thinking of your target’s acquisition: is your cybersecurity risk assessment sufficient?

In 2015, we have seen several important cybersecurity breaches in the industry. Some of them have been extensively mediatized while others remained less known by the general public. Recently, the online dating website Ashley Madison was hacked and the identity of millions of users revealed all around the world. Even more recently, we learned that over 500 million users’ Yahoo accounts had been hacked in 2014 and this news came out shortly after the acquisition of Yahoo by telecom giant Verizon. Can these attacks jeopardize your upcoming transaction? They absolutely can. As a matter of fact, Verizon asked for a $1 billion discount off its initial offer of $4.8 billion to acquire Yahoo and just recently said that it has a reasonable basis to believe that the massive data breach of email accounts represents a material impact that could allow Verizon to withdraw from the deal. The burden seems to now be on Yahoo to demonstrate the full impact of the breach.

These attacks raise an important question: are companies aware of the importance of conducting thorough cybersecurity due diligence in their M&A transactions? Here are a few tips that could be helpful when it comes to assessing the cybersecurity risk of a targeted company:

  1. Do not wait until the end of your due diligence. Start assessing the risk at the earliest stage of the due diligence process. It is important to ask the target what its most important and useful IT systems are and the most common risk associated with them. Are they covered by complete and extensive IT policies? Are they regularly updated and evaluated by IT experts? Those are examples of questions that need to be asked while conducting your IT due diligence.
  2. Know exactly the most important systems that need to be considered. Since due diligence in cybersecurity can be very expensive for the buyer, it is important to identify what systems or technologies are most at risk of being subject to a cyber-attack. By tailoring your risk assessment, you are controlling the cost while making sure to investigate the proper systems with a higher risk of being hacked that will endanger the success of your transaction.
  3. Do not engage in any cybersecurity risk assessment if your company does not have internal IT experts or extensive knowledge in this area. It is no easy task when it comes to estimate the cost of a potential cybersecurity problem within the target’s systems. Not only is it important to discover such problems but it is also very important to be able to evaluate how such problem could negatively impact the transaction and what the best way to fix those problems is, before engaging in further discussions or negotiations. If your company does not have the internal team to proceed with the cybersecurity due diligence, you should consider retaining the services of external IT specialists.
  4. Consider the importance of obtaining cyber insurance. Since cyber-attacks can be highly expensive for a company, the importance of cyber insurance (not only in the specific context of an M&A transaction) is rising for many companies throughout the market. According to an IBM survey conducted in 2016, the average cost of a data breach reached $6.03 million this year, which represents a 12.5% increase compared to 2015. The software-maker McAfee estimated that the total cost of cybercrime in the global economy can reach up to US$575 billion per year. The costs are high and most of the time very difficult to estimate so that is why companies should consider having cyber insurance in order to protect themselves from such costs and uncertainty. Cyber insurance policies can cover a wide range of risks from network security liability to regulatory defense and penalties and network extortion.

For more, please see our previous posts on how to manage cyber security risks during the negotiation and due diligence stages of an M&A transaction and the ways regulatory bodies have begun managing these risks.

Source:

Norton Rose Fulbright’s lawyers in Canada cover the full range of areas involved in deal-making. Our Deal Law Wire blog is about sharing our insights with you. From corporate law to cross-border, antitrust/competition, intellectual property, employment and labour and pension matters and more, our lawyers offer a Canadian and truly global perspective that few practices in the world can rival.

IBC reminds consumers to safeguard their online identity

IBC reminds consumers to safeguard their online identity

October is Cyber Security Awareness Month and Insurance Bureau of Canada (IBC) is reminding consumers that safeguarding your identity can help prevent insurance fraud.

“If your personal information is stolen, criminals can use it in elaborate schemes, including insurance fraud,” says Craig Stewart, Vice-President, Federal Affairs (IBC). “Hackers and criminals can use the internet to access your bank accounts, secure new credit cards, make purchases and pursue other criminal activities. Follow IBC’s cyber safety tips to help keep you and your family safe from online crime.”

IBC’s top 10 cyber safety tips:

1.

Don’t share your personal information online.

Never give personal information over e-mail or phone to someone who has contacted you to ask for it, without authenticating their identity.

2.

Guard your financial information.

If you shop, do insurance transactions or banking online, make sure you aren’t saving personal financial information, such as credit card numbers, that someone could easily take.

3.

Change your login and your passwords regularly.

Make your passwords hard to decipher by using numbers and characters in addition to letters.

4.

Before opening a website or email, ensure the URL is trustworthy.

Criminals often use phishing, which uses an official-looking email to direct you to a website that looks legitimate, to steal personal information.

5.

Install and regularly update security software.

6.

Check financial statements regularly and look for any unusual activity.

7.

Be social media savvy.

Set your social media profiles to the private setting and be careful what you post online.

8.

Make sure your home Wi-Fi network is protected.

When using public “hot spots,” recognize that the data you share is vulnerable and do not conduct financial transactions, such as obtaining automobile or home insurance, on these networks.

9.

Only download programs from reputable websites.

10.

Take the time to report the crime; call 1-877-IBC-TIPS.

 

About Insurance Bureau of Canada
Insurance Bureau of Canada (IBC) is the national industry association representing Canada’s private home, auto and business insurers. Its member companies make up 90% of the property and casualty (P&C) insurance market in Canada. For more than 50 years, IBC has worked with governments across the country to help make affordable home, auto and business insurance available for all Canadians. IBC supports the vision of consumers and governments trusting, valuing and supporting the private P&C insurance industry. It champions key issues and helps educate consumers on how best to protect their homes, cars, businesses and properties.

P&C insurance touches the lives of nearly every Canadian and plays a critical role in keeping businesses safe and the Canadian economy strong. It employs more than 120,000 Canadians, pays $8.2 billion in taxes and has a total premium base of $49 billion.

For media releases and more information, visit IBC’s Media Centre at http://www.ibc.ca/. Follow IBC on Twitter @InsuranceBureau or like us on Facebook. If you have a question about home, auto or business insurance, contact IBC’s Consumer Information Centre at 1-844-2ask-IBC.

If you require more information, IBC spokespeople are available to discuss the details in this media release.

SOURCE Insurance Bureau of Canada

Yahoo Says Hackers Stole Info from 500 Million User Accounts

Yahoo said hackers stole personal information from 500 million of its user accounts, a massive security breakdown it attributed to a “state sponsored actor.” The breach disclosed Thursday, the latest setback for the beleaguered internet company, dates back to late 2014.

That’s when high-tech thieves hacked into Yahoo’s data centres, the company said. But Yahoo only recently discovered the break-in as part of an ongoing internal investigation.

The stolen data includes users’ names, email addresses, telephone numbers, birth dates, hashed passwords, and the security questions _ and answers _ used to verify an account holder’s identity.

Last month, the tech site Motherboard reported that a hacker who uses the name “Peace” boasted that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the web.

Yahoo recommends that users change their passwords if they haven’t done so since 2014. The Sunnyvale, California, company said its investigation so far hasn’t found any evidence that information about users’ bank accounts or credit and debit cards were swiped in the hacking attack. It said it has “no evidence” that the attacker is still in Yahoo’s network.

News of the security lapse could cause some people to have second thoughts about relying on Yahoo’s services, raising a prickly issue for the company as it tries to sell its digital operations to Verizon Communications for $4.8 billion.

That deal, announced two months ago, isn’t supposed to close until early next year. That leaves Verizon with wiggle room to renegotiate the purchase price or even back out if it believes the security breach will harm Yahoo’s business. That could happen if users shun Yahoo or file lawsuits because they’re incensed by the theft of their personal information.

Verizon said it still doesn’t know enough about the Yahoo break-in to assess the potential consequences. “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities,” the company said in a statement.

 

Canada: Cyber Risk: Tips For Staying Safe

Canada: Cyber Risk: Tips For Staying Safe

Dentons Privacy and Cybersecurity group has developed a Cyber Risk awareness poster and check list to ensure you and your company can take the necessary steps to ensure protection from unwanted cyber attacks. It covers recommendations for both corporates and individuals.

Cyber attacks are on the rise and most of the time catch individuals and companies by surprise. The impact can be detrimental to individuals and companies, alike.

Cyber attackers use various methods to access individual and company data. We have created 5 easy-to-follow steps to ensure you and your company’s data can be protected.

At Dentons, our Global Privacy and Cybersecurity team are experienced in helping individuals and companies put policies and procedures in place to deal with events like cyber attacks.

In an increasingly connected world, Cyber Security will undoubtedly require close attention and vigilance and the team at Dentons are here to help you stay protected.

Download the Article

About Dentons

Dentons is the world’s first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world’s largest law firm, Dentons’ global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances. Specific Questions relating to this article should be addressed directly to the author.

Source: Mondaq

Aon: Business interruption due to a breach is top cyber risk concern

Aon: Business interruption due to a breach is top cyber risk concern

Findings underscore importance of conducting a cyber risk assessment, Aon outlines three-step approach for assessing cyber risk

Press Release:

CHICAGO (April 11, 2016) – Aon Global Risk Consulting, the risk consulting business of Aon plc (NYSE:AON), the leading global provider of risk management and human resource consulting and outsourcing, today released its 2016 Captive Cyber Survey report, which finds that the costs of business interruption due to a breach is the top cyber risk concern for businesses across all industries.

As Aon’s first cyber captive survey,  the findings offer a better understanding of organizations’ current attitude towards cyber threats, risk assessment, insurance purchasing trends and loss adjustment concerns and provides insight into current retail market trends, including captives and other risk financing solutions.

“Our findings also indicate that there is a disparity between companies recognizing that cyber is one of the fastest growing and permeating risks, and actually understanding what their individual exposures and coverage needs are,” said Peter Mullen, chief executive officer of Aon Risk Solutions’ Aon Captive and Insurance Management practice, who spearheaded the report. “Captives are a great alternative risk transfer solution for bridging this gap while the industry’s approach to cyber risk management catches up to the evolving pace of technology.”

The survey findings indicate that 94 percent of companies would share risk with others in their industry as part of a captive facility writing cyber. What’s more, Aon experts anticipate alternative risk transfer options to become increasingly sought after as these solutions give companies some control over underwriting, coverage scope and claims adjustment, while providing an opportunity to share best practices, experience and data in a private setting.

Additional highlights of the report include:

  • 61 percent of survey respondents buy cyber limits in the $10-25 million range, but overall 60 percent of large companies do not buy cyber insurance
  • Of those that do, 68 percent of companies surveyed buy cyber for balance sheet protection closely followed by ensuring due diligence comfort for the board
  • Only 25 percent of respondents that buy limits are confident that they comply with international best practices and standards for information security  governance
  • 95 percent of companies surveyed state clear policy wording as the most important issue in the cyber risk market, and 75 percent of large companies express concerns about the loss adjustment process

“Given the evolving nature and complexity of cyber exposures, we found that the use of cyber risk assessments is surprisingly low,” said Kevin Kalinich, global practice leader for cyber/network risk at Aon Risk Solutions. “Conducting such an assessment is a useful tool for improving risk understanding and maturity as well as for helping organizations better prepare for potential business interruption during or after a breach. Aon is at the forefront of assisting clients to develop and implement a risk assessment approach that is cross departmental and can translate cyber exposures into financial impact.”

Aon recommends the following three steps to begin a cyber risk assessment:

  1. Scenario Analysis: Benchmark the existing cyber risk profile and work with business stakeholders to prioritize cyber risk scenarios
  2. Financial Modeling: Leverage advanced financial simulation tools using deterministic modeling to quantify first and third party costs of select cyber scenarios. Consider performing an analysis on non-damage business interruption scenarios using forensic accounting capabilities.
  3. Insurability Risk Review: Test the adequacy of limits against the assessed cyber risk as well as review the optimization of the proposed insurance program

About the 2016 Aon Captive Cyber Survey

Aon’s 2016 Captive Cyber Survey is designed to offer analysis of top cyber risk concerns, risk assessment approaches, attitudes toward cyber insurance and policy cover and structure. The survey, conducted for the first time in fall 2015, gathered input from risk managers and directors of more than 125 captive insurance companies. The 2016 findings will allow organizations to gain insight into the mounting threat of cyber risk, benchmark their risk management practices and identify approaches that may increase their preparedness.

More information about the 2016 Aon Captive Cyber Survey can be found here: http://www.aon.com/risk-services/cyber.jsp

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!

Pin It on Pinterest