
General Motors Under Fire for Secretly Spying on Drivers

 

In a developing story that has captured public attention, General Motors (GM) finds itself embroiled in controversy amidst accusations of clandestine surveillance and unauthorised data sharing with insurance companies. The unfolding narrative, spearheaded by investigative journalist Kashmir Hill of The New York Times, sheds light on a concerning pattern of behaviour within the automotive giant, raising significant questions about privacy and consumer rights.

What Are The Practices?

Hill's extensive investigation unveils a troubling narrative surrounding GM's alleged surreptitious enrollment of customers into its Smart Driver program. Despite the absence of explicit consent or enrollment in OnStar services, Hill and her husband were taken aback to discover that their driving data had been discreetly shared with insurers via third-party data brokers.

Lack of Transparency

Central to the controversy are instances implicating GM dealerships in the alleged scheme, with allegations suggesting customers were unwittingly enrolled in data-sharing initiatives during vehicle purchases. The pressure purportedly exerted on dealerships by GM to achieve high enrollment rates in connected services adds a layer of complexity to the narrative.

Legal and Ethical Implications

The emergence of federal lawsuits against GM underscores the legal and ethical consequences of its data collection practices. Amidst accusations of non-disclosure and lack of transparency, concerns have been raised about the company's adherence to regulatory standards and commitments to consumer privacy.

Corporate Response and Accountability

In response to mounting scrutiny, GM has announced the discontinuation of its Smart Driver program and pledged to unenroll all affected customers. Additionally, the cessation of data sharing with third-party brokers signals a proactive effort to address concerns and restore trust among consumers.

Calls for Reform and Regulatory Oversight

The controversy surrounding GM's data collection practices serves as a catalyst for broader discussions on consumer privacy rights and corporate accountability. Industry experts and consumer advocacy groups have called for strengthened regulatory oversight and transparency measures to safeguard against similar instances of covert data collection in the future.

As the narrative continues to unfold, the General Motors saga stresses the inherent tensions between technological innovation, consumer privacy, and corporate responsibility. The fallout from these revelations serves as a telling reminder of the critical importance of transparency, accountability, and ethical conduct in the digital age.


CareFirst Data Breach: Sensitive Information of Customers Leaked Online

 

For the third time in the past six years, cybercriminals have targeted CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC). The insurance provider issued a written statement disclosing a breach of one of its databases, which occurred on January 28.

CHPDC's managed IT service provider alerted CHPDC to abnormal behavior impacting its systems. Given its long history with cyber-attacks, the insurance provider immediately decided to engage cybersecurity group CrowdStrike to identify the source of the leak, and it also notified both the FBI and the Office of the Attorney General for the District of Columbia.

Unfortunately, hackers were able to gain access to a database and stole sensitive information including names, addresses, contact numbers, dates of birth, and Medicaid identification numbers. After the examination, CHPDC suggested the attack was likely carried out by a 'sophisticated, foreign cybercriminal gang' and said it was premature to say how many clients had been affected.

“We’ve taken immediate steps to limit the impact of the attack and protect and secure our systems and the information of our enrollees. We’re angry and troubled that anyone would target our enrollees. We’re taking aggressive action on behalf of all those we serve to ensure they are supported and notified as more information becomes available,” George Aloth, CEO of CHPDC, stated.

The company has decided to provide two years of free credit and identity theft monitoring, along with a website with information on data breaches, to all enrolled clients affected by this data breach.

The 2014 cyber-attack on CHPDC was one of the largest healthcare breaches ever reported; nearly 1.1 million customers were affected. Threat actors targeted a single database that contained information about CareFirst members and others who accessed its websites and services. CareFirst learned of the data breach on April 21, 2015, nearly one year later, after it hired Mandiant, a leading cybersecurity company.

In October 2020, the FBI, the Department of Health and Human Services (HHS), and the Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA) warned that cybercriminals were stepping up ransomware attacks on health sector groups as the organizations were involved in Covid-19 treatment and research.

RansomExx Gang Targets French Health Insurance Company in a Ransomware Attack

 

Mutuelle Nationale des Hospitaliers (MNH), a French health insurance company, has been hit by a ransomware attack that has severely affected the company's operations. MNH provides health insurance services and has plans focused on the health department.

The company’s website mnh.fr displays a notice stating that it has been affected by a cyberattack that began on February 5. Due to this attack, the computer system and telephone services are unavailable. Members of the insurance company use the MNH website to design insurance quotes or to manage services and benefits.

Gerard Vuidepot, CEO of MNH, stated that “the MNH has been undergoing a cyber-attack since Friday, February 5, 2021. Computer systems have been disconnected for security reasons. Our websites (mnh.fr, member area, corresponding and elected extranets) and our telephone platform (3031) are temporarily unavailable. The processing times for your requests are being extended”.

According to BleepingComputer, an independent security expert shared a Tor web page that acts as a ransom negotiation page for the MNH attack that connects to the mnh.fr website. The page sets out how the cybercriminals will negotiate with the firm and also advises MNH to use a ProtonMail account while negotiating and not to reach out to the cops, or the cops will seize their bank accounts.

The site provides the ability to send a single email to the ransomware gang and perform a test decryption of a single file. According to BleepingComputer, this Tor site is operated by 'RansomExx', a rebranded version of the Defray777 ransomware. This ransomware group has been operating since 2018; after it changed its name to RansomExx in June 2020, its modus operandi has become more potent and it is targeting high-profile companies.

Some of the high-profile organizations targeted by the RansomExx group in the past include the Texas Department of Transportation (TxDOT), Konica Minolta, Brazilian government networks, IPG Photonics, and Tyler Technologies. RansomExx has designed its own Linux version to make certain that it can target all critical servers and data in a firm.