Notepad: Risk in Review – March 2019

Hilary Tuttle , Morgan O'Rourke


March 1, 2019

33 Arrested for Sex Trafficking Ahead of the Super Bowl

sex trafficking super bowlIn the week before the Super Bowl, 33 people were arrested for sex trafficking in the Atlanta metro area and four victims were recovered. Around last year’s Super Bowl, seven accused traffickers were arrested after a similar multi-agency operation in Minneapolis. While some assert the surge of visitors around the Super Bowl contributes to an increase in sex trafficking, many top anti-trafficking groups say it is more a surge in both efforts by authorities to root out such crimes and an increase in public attention. For example, the FBI’s Metro Atlanta Child Exploitation Task Force reports that authorities rescue 75 to 100 child sex trafficking victims a year. Across the United States, Secretary of Homeland Security Kirstjen Nielsen reported 1,600 victims were rescued from sex trafficking last year and over 300 people were arrested. Advocates increasingly focus on urging companies in hospitality and transportation to educate employees to spot signs of trafficking and intervene or report potential trafficking situations.

Zurich Asserts War Exclusion in Rejecting Cyber Insurance Claim

notpetya cyber insuranceMondelez International has filed suit against Zurich American Insurance Company, which recently invoked a war exclusion to deny a claim for damages resulting from the 2017 NotPetya malware attack. The snack food giant, which owns Nabisco and Cadbury, suffered damages that have been estimated at $188 million. While it masqueraded as ransomware, authorities now agree that NotPetya was an attack by Russian operatives targeting infrastructure in Ukraine as part of their ongoing conflict, but there has been no official declaration of war or act of terrorism. NotPetya wreaked havoc worldwide, including crippling the supply chain of shipping giant Maersk, pharmaceutical firm Merck and FedEx’s European subsidiary TNT Express, ultimately totaling an estimated $10 billion in damages. The incident vividly illustrates the global crises that can result from cyberattacks as well as the scale of financial exposure on cyber insurers’ balance sheets and the resulting aggregation risks from large, widespread cyber-related losses.

International Tensions Top WEF Risk Outlook

Increasing economic and political tensions between major powers represent the most urgent risk facing the world today, according to the World Economic Forum’s 2019 Global Risks Report. Most experts surveyed expected an increase in economic confrontations in the coming year (91%), additional erosion of multilateral trading rules and agreements (88%) and more major-power political confrontations (85%). In addition to the short-term pain these issues will cause, experts fear strained relations will make it more difficult for nations to cooperate on longer-term risks posed by environmental and technological challenges. Environmental risks like extreme weather, climate change, natural disasters and water crises pose three of the WEF’s top five risks by likelihood and four of the top five by impact. Meanwhile, the vulnerability of businesses and critical infrastructure to cyberattacks remains a serious concern, particularly as new connected technologies are integrated throughout society.

PG&E Files for Bankruptcy After California Wildfires

pacific gas and electric wildfiresFacing billions of dollars in liability related to wildfires across the state, California power company Pacific Gas & Electric filed for bankruptcy in January. The Wall Street Journal reported that, between June 2014 and December 2017, more than 1,500 wildfires have been linked to PG&E power lines and equipment. Last year, a malfunctioning PG&E power line was suspected of sparking the Camp fire, which caused 86 deaths and destroyed 18,000 homes and businesses, resulting in more than $7 billion in claims against the company. While PG&E has tried to reduce fire risks by stepping up its efforts to repair power lines and equipment and trim trees and bushes, it has not been able to keep up with severe drought conditions. PG&E faces complaints on behalf of at least 5,600 fire victims, and has estimated its wildfire-related liabilities could exceed $30 billion.

France Fines Google $57 Million Under GDPR

In January, France issued the largest GDPR-related fine to date, levying a €50 million penalty ($57 million) against Google. According to France’s data protection regulator, CNIL, Google did not provide enough transparency around how user information is collected, stored and disseminated, and failed to obtain proper consent to process user data for ad personalization across its entire range of services. According to CNIL, “The infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations.” Google said it will appeal the fine, in part due to concern about the impact on “publishers, original content creators and tech companies in Europe and beyond.”

Data Leak Exposes Billions of Accounts

collection 1 data leakIn January, a massive trove of leaked personal data referred to as Collection #1 was posted to a hacking forum, exposing 773 million unique email addresses and passwords. Immediately called the largest ever public data breach by volume, Collection #1 was quickly followed by Collection #2-5, which total about three times as many unique records. The collections are composed of thousands of files from different data breaches compiled into a database and disseminated. Such information is typically used in credential stuffing attacks, which aim to compromise other accounts that reuse the same passwords across different sites. It is unclear how many—if any—of the breaches may be new, but the record number of accounts involved highlights the importance of good cyber hygiene, particularly the need to have strong, unique passwords for every account.

Hilary Tuttle is managing editor of Risk Management.

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS)