CVS has confirmed its photo website, CVSphoto.com, was breached this summer.

And as a result, the pharmacy chain tops this week’s list of IT security newsmakers to watch, followed by Excellus BlueCross BlueShield, ESET and the Atlantic Council.

What can managed service providers (MSPs) and their customers learn from this week’s IT security newsmakers? Find out in this edition of IT security stories to watch:

1. CVS data breach: Here’s what you need to know

CVS last week provided additional details about a CVSphoto.com data breach that occurred in July.

“Investigators have now confirmed that there was an illegal intrusion … that potentially resulted in the unauthorized acquisition of data entered by certain users on CVSPhoto.com,” CVS said in a prepared statement. “Nothing is more central to us than protecting the privacy and security of our customer information, including financial information. We apologize for this inconvenience.”

CVS said it continues to investigate the incident, and the company’s online photo service could be restored this fall.

2. Excellus gets breached

More than 10 million records were exposed in a data breach of health insurer Excellus, according to CNET. Excellus identified the cyberattack on Aug. 5 and is investigating the incident.

“[Excellus] has been the target of a sophisticated cyberattack,” Excellus said in a prepared statement. “The security of personal information we collect and maintain is a top priority for us. We’re taking proactive steps to address this issue.”

In addition, Excellus is providing two years of free credit monitoring and identity theft protection services to those who may have been affected by the data breach.

3. Introducing the LockerPIN ransomware

Antivirus software provider ESET has discovered LockerPIN, Android PIN-setting ransomware.

LockerPIN resets a device’s PIN, locks the screen and demands a $500 ransom, ESET said. 

However, ESET said using an Internet security solution designed specifically for Android smartphones and tablets can help prevent the risk of LockerPIN infection.

4. How much will cyberattacks cost in 2030?

A new report from the Atlantic Council in conjunction with Zurich Insurance Group revealed that cyberattacks may cost organizations up to $120 trillion by 2030.

The report also showed that that the one-off annual cost of managing cyber risks will begin to outweigh the annual economic benefits globally by 2019.

“The focus for businesses in an interconnected world should be on how to bounce back from cyber risk events. It is very clear that businesses that want to protect themselves from cyber risks must adopt a mindset of resilience,” Cecilia Reyes, Zurich’s chief risk officer, said in a prepared statement.

What are your thoughts on this week’s IT security stories to watch? Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].