Ionut Arghire reports: Global payment service provider Checkout.com has disclosed a data breach after a known hacking group attempted to extort it. The incident, Checkout says, involved a legacy, third-party cloud file storage system that had not been used since 2020, and did not affect its payment processing platform. “The system was used for internal…
Category: Financial Sector
Court of Appeal reaffirms MFSA liability in data leak case, orders regulator to shoulder costs
Julia Dowling reports: The Court of Appeal has reaffirmed the Malta Financial Services Authority (MFSA) bears responsibility for an unauthorised disclosure of confidential data to the investigative website ‘OffshoreAlert’. The decision marks the latest development in a long-running legal battle over accountability and data protection standards within Malta’s financial regulator. This latest judgment, delivered on…
Benworth Capital Partners negotiated with threat actors after more than 25,000 lenders had data stolen
Benworth Capital Partners PR LLC is a licensed lender in Florida that describes itself as a “hard money lender.” Benworth claims they make the decisions to fund hard money loans “based on our unique criteria that’s a lot different than a bank, credit union, or mainstream online lender. The funds used for our hard money…
On Reports of an Alleged Data Breach Involving G-Xchange, Inc. (GCash)
From the National Privacy Commission of the Philippines: October 27, 2025 10:57 AM Last Edit: October 27th, 2025 The National Privacy Commission (NPC) urges the public to exercise heightened vigilance following reports of data leak allegedly involving G-Xchange, Inc., operator of GCash, which surfaced online on 26 October 2025. The NPC has immediately launched an…
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
From NY DFS: New York State Department of Financial Services (DFS) Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities becoming increasingly reliant on third-party service providers (TPSPs). The guidance builds on the Department’s ongoing work to protect New Yorkers and DFS-regulated entities from cybersecurity risks through its nation-leading…
Flagstar Agrees to $31.5 Million Deal in Accellion-Breach Suit
Christopher Brown reports: Flagstar Bank NA agreed to pay $31.5 million to settle allegations it failed to protect the personal information of nearly 2.2 million people in data breaches linked to Accellion Inc.’s file-transfer software. Class members would be eligible for up to $25,000 in documented monetary losses, three years of credit monitoring services, and…