22 November 2021 Background information Date of final decision: 14 October 2021 Cross-border case or national case: National case Controller: Bank Millennium S.A. Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), Communication of a personal data breach to the data subject (Article 34(1)) Decision: Infringement of the GDPR, fine…
Category: Financial Sector
US regulators order banks to report cyberattacks within 36 hours
Sergiu Gatlan reports: US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the…
Robinhood Security Breach Exposes Data on Millions of Users
Annie Massa reports: Robinhood Markets Inc. said personal information of about 7 million people — or roughly a third of its customers — was compromised in a data breach last week and that the culprit demanded payment. The intruder obtained email addresses of about 5 million people as well as full names for a separate group…
Attorney General James Directs Unregistered Crypto Lending Platforms to Cease Operations In New York, Announces Additional Investigations
NEW YORK – New York Attorney General Letitia James today announced new efforts she is taking to protect New York investors, and the trading markets more generally, from exploitation by high-risk virtual currency schemes. Virtual or “crypto” currency lending platforms are essentially interest-bearing accounts that offer investors a rate of return on virtual currencies that…
Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha
Lawrence Abrams reports: Ecuador’s largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and taken the ATM and online banking portal offline. The cyberattack occurred over the weekend, causing the bank to shut down portions of their network to prevent the attack’s spread to other systems. Read more on BleepingComputer.
Barclays Hacked by Cyberthieves Using Monzo Account, PISP
PYMNTS reports: Millions of pounds were swiped from Barclays accounts in a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP), The Telegraph reported. PISPs are a newer concept, introduced by the revised European Payment Services Directive (PSD2), and give retail customers the ability to pay companies directly…