Notepad: Risk in Review – March 2020

Morgan O'Rourke , Adam Jacobson


March 2, 2020

Coronavirus Infects Tens of Thousands Worldwide

The novel coronavirus 2019-nCoV, which the World Health Organization (WHO) formally declared a global health emergency in late January, continues to spread throughout China and other countries. The virus has claimed more victims than the SARS outbreak in 2003 and is impacting business operations and supply chains around the world. As of February 13, the virus had killed more than 1,300 people, including two outside mainland China, and infected more than 60,000 in 28 countries and territories. In addition to the cancellation of major public events in China, many international businesses have curtailed operations in the country, instructed employees to work from home, and restricted employee travel to and from China to limit exposure as the virus spreads. The U.S. government suspended entry into the country for non-citizens who had travelled in China in the past 14 days (the incubation period of the virus) and said that Americans who had visited the Hubei province where the virus was first identified could be quarantined for up two weeks. The CDC officially recommended avoiding all non-essential travel to China, and the U.S. State Department has asked people not to travel to China at all.

Facebook to Pay $550 Million for Facial Recognition Violation

Facebook will create a $550 million fund to compensate users in Illinois to settle a 2015 lawsuit alleging that the company violated the state’s Biometric Information Privacy Act (BIPA) by storing facial data to automatically tag users in pictures. The feature, called “Tag Suggestions,” initially tagged faces by default, but Facebook switched it to opt-in last year. Enacted in 2008, Illinois’s BIPA prescribes a $1,000 fine for any violation, which can increase to $5,000 per violation if a company willfully neglected the law. The settlement will likely break down to hundreds of dollars per plaintiff once the deal is finalized, depending on how many Illinois Facebook users are included. In 2012, the company deactivated the feature in Europe after regulators questioned how it stored user data and how users could provide consent.

Huawei Sues Verizon for Patent Violations

In February, Huawei filed two lawsuits against Verizon in U.S. district court for allegedly using a dozen of Huawei’s networking technology patents without permission or licensing. After licensing negotiations between the companies broke down in early 2019, the Chinese telecom giant claims that Verizon used its patents for its FiOS services and network infrastructure, and reaped profits from these patents totaling $29.8 billion. It is unclear how much the lawsuits are seeking in damages. A Verizon spokesperson said that the lawsuits had no merit and were “nothing more than a PR stunt.” Huawei made similar claims last June, alleging that Verizon used 238 Huawei patents without permission, and the New York Times estimated that those claims could total more than $1 billion in fines.

Wawa Breach exposes 30 Million Records

In December, convenience store chain Wawa alerted customers to a data breach that compromised payment card details from its 850 East Coast locations. The company warned customers who used payment cards at stores between March 4 and December 10, 2019, to register for identity protection services and review their accounts for suspicious activity. Wawa stated that the breached records included card numbers, expiration dates and customer names, but not PINs or CVV numbers. In late January, a post on the dark web marketplace Joker’s Stash advertised for sale a database containing payment card information for 30 million accounts that cybersecurity researchers say match the Wawa breach. The number of cards being sold makes it the third-largest payment card breach in history, behind only the 2013 Target breach and the 2014 Home Depot breach, which exposed 40 million and 50 million customer records, respectively.

Wineries Sue Insurers Over Wildfire Smoke-Tainted Wine

Two California wineries recently filed suit against their insurers for refusing to pay claims for wines damaged by smoke from the 2017 California wildfires. Vintage Wine Estates is seeking $12 million from Certain Underwriters at Lloyd’s of London, Royal & Sun Alliance Insurance PLC, and four others, while Kunde Family is suing National Surety Corporation and its parent company, Allianz, for $7 million. With the 2017 vintages now being released, the winemakers claim that “smoke taint” from wildfires has rendered the wines undrinkable, resulting in losses that should be covered under existing insurance policies. The insurers have countered that the ­policies do not apply to grapes that were damaged while still on the vine. Last year, Levensohn Vineyards also sued its insurer for $1.14 million over wildfire smoke damage, while Westside Winery filed suit against a New York distributor for refusing to accept a shipment of wines it believed were similarly tainted. Meanwhile, Australian winemakers have begun conducting lab tests to determine the extent of the damage the country’s current fires will have on local grape crops.

Microsoft Ends Support for Windows 7

On January 14, Microsoft ceased providing support for its Windows 7 operating system, recommending users upgrade to Windows 10 to receive technical support and security updates. At the time, 11 years after its debut, Windows 7 still accounted for one-quarter of the Windows desktop market share. With support ending, millions of PCs are at greater risk for viruses, malware and other cyberattacks if they are not updated. Although Microsoft had been winding down support for Windows 7 since 2015, many enterprises had still not updated their systems—for example, nearly 500,000 computers used by the U.K.’s National Health Service were still using the operating system in January. Microsoft offered businesses the option of paying for extended security updates for Windows 7 until 2023, but fees are as much as $50 per machine and will double each year. Ireland’s Health Service Executive said that it would be paying €1.1 million ($1.2 million) to extend support for 46,000 devices still running Windows 7, while the German government will pay €800,000 ($880,000) for 33,000 workstations. Microsoft will provide free Windows 7 security updates for federally-certified voting machines through the 2020 U.S. elections, however.

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS)

Adam Jacobson is associate editor of Risk Management.