Doug Olenick reports: The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies. For example, they say that the definition of a reportable “computer security incident” is too broad and would result in the reporting of insignificant events. The…
Category: Financial Sector
Br: Leak exposes 1.7 TB of customer data from Brazilian fintech iugu
Felipe Demartini reports (translation): A serious security breach exposed the information of, it is believed, all customers of the iugu services company, which operates in Brazil through financial management and automation systems. Users’ personal, banking and transaction data was available on an unprotected server for at least an hour. The discovery is by security expert…
Capital One notifies more clients of SSNs exposed in 2019 data breach
Sergiu Gatlan reports: US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. The day the breach was disclosed, the Department of Justice arrested and indicted the suspected hacker, former Amazon Web Services (AWS) employee Paige Thompson, who posted about stealing data on GitHub after infiltrating Capital One’s AWS…
UK: Print group hit by cyber attack
Jo Francis reports: It is believed that cyber criminals may be specifically targeting firms that provide support services to financial institutions. Operations at MBA Group, which has sites in London and Warrington, have been affected after the business was subjected to an attack. In a statement, sales director Kevin Stewart said the firm hoped to…
In: Threat actor offers to sell 8 TB of MobiKwik’s personal and financial data on almost 100M consumers
UPDATE1: MobiKwik is denying any breach. DataBreaches.net just received a statement from them: “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses. Our user and company data is completely…
Flagstar Bank loses customers’ social security numbers after Accellion attack
Graham Cluley writes: Things don’t get much worse than having to admit to your employees that a gang of cybercriminals have broken into your infrastructure, stolen the private details (social security numbers, names and home addresses) of your staff, and are demanding that your company pays a ransom before further sensitive data is leaked. Well,…