Brian Krebs reports: In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in…
Category: Financial Sector
SEC’s OCIE Issues Ransomware Risk Alert
Kate Hanniford of Alston & Bird writes: On July 10, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. The Risk Alert is notable for its encouragement of financial services market participants more broadly and not just…
Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach
Hunton Andrews Kurth writes: The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form. The sanction was imposed following a data breach that took…
Hakbit ransomware campaign targeting specific European countries
Derek Kortepeter reports: Proofpoint researchers have published findings on a campaign involving the Hakbit ransomware. As their blog post states, the ransomware is being spread via spear-phishing emails targeted at individuals in “mid-level positions across the pharmaceutical, legal, financial, business service, retail, and healthcare sector.” The attacks, described as low-volume, are specifically targeting employees of organizations located in…
U.S. Deports Russian Hacker Convicted Of Stealing Almost $1 Million
There’s an update to a case previously noted on this site. From RadioFreeEurope/RadioLiberty: The United States has deported a Russian hacker who was sentenced to 48 months in prison for stealing hundreds of thousands of dollars from online banking accounts using malicious software known as NeverQuest. Officials from the Russian Embassy in the United States…
China launches cyber attacks on government websites and banks following India massacre
Grace Macrae reports: China has opened another front against India with sustained cyber attacks targeting government websites and banking systems. The Chinese DDOS (distributed denial of service) attacks have targeted information websites and the country’s financial payments system. DDOS attacks are malicious attempts to overwhelm a network by flooding it with artificially created internet traffic….