Notepad: Risk in Review – July/August 2019

Adam Jacobson


August 1, 2019

Two Major Earthquakes Strike California

california earthquakeThe week of July 4th, two major earthquakes—one a 6.4 magnitude and the other 7.1—hit a desert area outside of Los Angeles. While city residents experienced relatively minor effects like limited power outages, several smaller towns between the epicenters and Los Angeles suffered major widespread property damage. According to a 2018 California Department of Insurance report, only 13% of state residents with homeowner’s insurance purchased earthquake coverage in 2017, leaving many vulnerable to high costs for repairing and rebuilding property. In coordination with the U.S. Geological Survey and other partners, the state has been pursuing an early-warning system called the ShakeAlert to mitigate the impact of future earthquakes. Once implemented, the system could cover the whole West Coast, and would include safety measures like sending residents a warning message and automatically shutting down train systems and tunnels when it senses coming earthquakes. California Governor Gavin Newsom said the system is 70% complete.

Ransomware Wave Crashes U.S. Cities

Since 2018, U.S. cities have increasingly been the target of ransomware attacks. Last year, Atlanta’s city computer systems were paralyzed for weeks by ransomware, while this June, Georgia’s Administrative Office of Courts was taken offline in a similar attack. Cybercriminals also targeted several Florida town governments this year, with Lake City paying nearly $460,000 and Riviera Beach paying almost $600,000 to recover their computer and phone systems. In addition, both Baltimore and Greenville, North Carolina, were recently hit with a ransomware strain dubbed RobbinHood, which is similar to the devastating SamSam malware that struck hospitals and city governments in 2018. In many cases, the cities’ insurance policies have covered the ransoms, but the attacks create additional expenses for business interruption and system updates and improvements. After it refused to pay a ransom, the total costs to the city of Baltimore were estimated at $18.2 million, far exceeding the original ransom demand.

Marriott, British Airways Fined Under GDPR

british airways gdpr fineU.K. data regulator the Information Commissioner’s Office (ICO) announced that it would fine both British Airways and Marriott for violating the European Union’s General Data Protection Regulation (GDPR). British Airways was fined a record-setting £183 million ($230 million) for a breach that exposed almost 500,000 customers’ personal data, including names, login information, credit card numbers, travel details and addresses. Meanwhile, Marriott faces a fine of £99 million ($124 million) for a breach that exposed 339 million customer records worldwide, including 30 million in Europe. The fines are especially large when compared to previous ICO decisions, including a £500,000 ($628,000) penalty levied last year against Facebook for failing to protect user information in the Cambridge Analytica scandal. That fine, however, was the maximum allowed under the U.K.’s 1998 Data Protection Act, which has since been replaced by the stricter GDPR.

Insurers Phasing Out Coal Investment

insurance coalZurich and Chubb announced that they will stop underwriting and investing in businesses that derive more than 30% of their revenue from coal mining or generate more than 30% of their energy production from coal, due to climate change concerns. Chubb also said it will not underwrite risks related to constructing and operating coal-fired plants (with limited exceptions until 2022), making it the first major U.S. insurer to take such a step. According to the International Energy Agency, while global coal demand has been decreasing since 2010, it increased in 2017 and 2018. This is largely due to economic growth spurring a higher demand for electricity in India and Southeast Asian countries like Indonesia, Vietnam, the Philippines and Malaysia, where coal is more readily available than other power sources.

Facebook Removed from S&P’s ESG List

Standard & Poor’s (S&P) has removed Facebook from its 500 Environmental, Social and Governance (ESG) Index, citing controversies over the social media company’s privacy practices and lack of transparency. S&P gave Facebook especially low scores for social responsibility and governance (22 and 6 out of 100, respectively). In recent years, Facebook has faced accusations of lax data privacy practices, including when political intelligence firm Cambridge Analytica misappropriated 87 million users’ data, and a data breach in 2018 exposed 30 million users’ personal information. Reid Steadman, global head of ESG for S&P, said that these issues produced “uncertainty about Facebook's diligence regarding privacy protection, and the effectiveness of the company risk management processes and how the company enforces them.”

Somewhere Over the Rainbow

harold arlenThe estate of prolific composer Harold Arlen—best known for writing The Wizard of Oz song “Over the Rainbow”—has sued several online music retailers and streaming services for what it calls a “massive music piracy operation,” seeking $4.5 million in damages. The lawsuit targets Amazon, Apple, Google, Microsoft and Pandora, alleging that the platforms are knowingly selling or streaming unlicensed copies of Arlen’s music, identical to the legitimate versions except with altered record covers and listing a fictitious record label, such as “Soundtrack Classics” instead of Capitol, RCA or other real companies. These sellers or streamers are reportedly charging less for the fraudulent version of songs, undercutting the legitimate copy’s sales and stealing royalties from Arlen’s estate. “Over 6,000 pirated recordings of [Arlen’s] compositions have been separately reproduced and distributed,” the lawsuit claims, adding that the companies being sued “are nothing more than modern tape pirates” violating copyright laws.

Adam Jacobson is associate editor of Risk Management.