LinkedIn faces EU fine over data breach | UnitedHealth’s tech unit hack impacts 100 million | SEC charges tech companies for SolarWinds breaches

In today’s Portfolio Intelligence Daily:?

• LinkedIn faces EU fine over data breach
• UnitedHealth’s tech unit hack impacted 100 million people
• SEC charges tech companies for downplaying SolarWinds breaches

Our analyst team curates these summaries from Auquan’s Intelligence Engine, which uses generative AI and retrieval augmented generation (RAG) to uncover material non-financial insights at scale to support deal sourcing, due diligence, risk monitoring, and compliance.

Industry trends:

• The magic of RAG is in the retrieval (InfoWorld) — Retrieval-augmented generation (RAG) and AI agents are transforming how AI can automate knowledge work in the enterprise.
• Tackling Information Overload in the Age of AI [private credit] (TDWI Upside)
• Why AI is finally catching up with financial services (Maddyness)

LinkedIn faces EU fine over data breach

European Union regulators have imposed a significant fine on LinkedIn, highlighting concerns over data privacy practices.?

• LinkedIn has been fined 310 million euros (approximately $335 million) by the Irish Data Protection Commission for breaching EU data privacy regulations, specifically the General Data Protection Regulation (GDPR).?

• The investigation revealed that LinkedIn lacked a lawful basis for collecting personal data used for targeted advertising, raising issues of lawfulness, fairness, and transparency in its data processing practices.?

• As part of the ruling, LinkedIn has been ordered to comply with GDPR requirements within three months, ensuring that its advertising practices align with legal standards.?

• LinkedIn expressed its belief that it had been compliant with regulations but acknowledged the need to adjust its advertising practices to meet the requirements set forth by the Irish regulator.?

Select timeline

• Oct 24, 2024 | Ireland Fines LinkedIn 310 Mn Euros Over EU Data Breach (BARRON’S)
• Oct 24, 2024 | LinkedIn hit with 310 million euro fine for data privacy violations from Irish watchdog (AP News)
• Oct 24, 2024 | LinkedIn fined $335 million in EU for tracking ads privacy breaches (Tech Crunch)

UnitedHealth’s tech unit hack impacted 100 million people

UnitedHealth's technology unit has faced a significant cyberattack, impacting a huge number of individuals and raising serious concerns about data security in the healthcare sector.?

• The cyberattack affected approximately 100 million people, with UnitedHealth's Change Healthcare subsidiary processing over 15 billion medical transactions annually, representing nearly one-third of U.S. patient records.

• The breach, attributed to the hacking group ALPHV (also known as "BlackCat"), was first reported on February 21, 2024. The attackers accessed sensitive data, including health insurance information and personal identifiers, by exploiting vulnerabilities in the company's system.?

• The attack has resulted in significant financial repercussions for UnitedHealth, with estimated losses reaching $2.45 billion due to operational disruptions and ransom payments. The company had initially paid a ransom of $22 million, which did not lead to the deletion of the stolen data as promised.?

• UnitedHealth has begun notifying affected individuals since June 2024, but the full scope of the breach is still being assessed. Notifications are expected to continue as the investigation unfolds, given the complexity of the data involved.??

Select timeline

• Oct 24, 2024 | Hack at UnitedHealth's Tech Unit Impacted 100 Million People, US Health Dept Says (Money.USNEWS)
• Oct 24, 2024 | UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach (Tech Crunch)
• Oct 24, 2024 | Hack at UnitedHealth’s tech unit impacted 100 million people (The Print)

SEC charges tech companies for downplaying SolarWinds breaches

The U.S. Securities and Exchange Commission (SEC) has charged Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast for misleading investors regarding the impact of their cybersecurity breaches related to the SolarWinds Orion hack in 2020.?

• Each company was accused of downplaying the severity of the breaches in their public disclosures. Unisys described its cybersecurity risks as hypothetical despite experiencing significant data exfiltration, while Avaya minimized the number of accessed email messages, knowing that at least 145 files were compromised. Check Point used generic terms to describe its breach, and Mimecast failed to disclose critical details about the stolen code and credentials

• To settle the charges, the companies agreed to pay civil penalties totaling nearly $7 million, with Unisys facing the largest fine of $4 million, followed by Avaya ($1 million), Check Point ($995,000), and Mimecast ($990,000).

• The SolarWinds hack, attributed to a Russian state-sponsored group, involved malicious code being injected into software updates for SolarWinds' Orion platform, affecting thousands of organizations including U.S. government agencies.?

Select timeline

• Oct 22, 2024 | SEC charges tech companies for downplaying SolarWinds breaches (Bleeping computer)
• Oct 22, 2024 | SEC charges 4 companies for downplaying SolarWinds attacks (Tech target)
• Oct 22, 2024 | SEC Charges Four Companies With Misleading Cyber Disclosures (SEC)

While you’re here…

If you find insights like these interesting, smash that subscribe button!?

If you’d like a deeper non-financial risk and opportunity analysis of any of the companies covered here — or that you’re focused on, let us know.?

We’d love to show you how Auquan’s Intelligence Engine can help you transform private company research for deal sourcing, borrower screens, due diligence, risk monitoring, sustainability, and compliance. Let’s talk!

#genai #privatequity #privatecredit #privatemarkets #fintech #duediligence #esg #rag