Fidelity Investments has reported a number of breaches this year, all involving exposure of information to the wrong people: On June 17, Fidelity notified the NH Attorney General’s Office that information (names and Social Security numbers) of Apria Healthcare plan members was accidentally included in a secure email sent to three employees of another client…
Category: Financial Sector
Redaction #FAIL: Software glitch Exposed Data on 150,000 Citi Customers in Bankruptcy Court Filings
Sean Sposito reports: In a case that could serve as a warning to other banks that contribute customer data to public storehouses, Citigroup this week acknowledged that it failed to safeguard the personal information — Social Security numbers, birth dates and other sensitive data — of nearly 150,000 consumers who went into bankruptcy between 2007…
St. Mary’s Bank notifies more than 115,000 customers after malware infection discovered
St. Mary’s Bank is a state-chartered community-based credit union in New Hampshire. On May 26, they discovered that one of their workstations was infected with malware that could have captured anything displayed on the screen. A forensic investigation discovered that 23 workstations could have been infected with the malware as early as February 2013. Although…
Appeals Court Sends Fiserv Data Breach Case Back to Trial
Robert McGarvey reports that a credit union’s lawsuit against Fiserv has been resurrected by a Tennessee court: The Court of Appeals in Tennessee, in a ruling filed July 3, ruled that a lower court erred when it dismissed a suit filed by Copper Basin Federal Credit Union and CUMIS against Fiserv Inc., wherein the plaintiffs…
1-800-Data Breach
Raj J. Patel reports: Despite the increase in cyberattacks, the Securities and Exchange Commission (SEC) has yet to publish guidelines as to when a corporation should publicly disclose the data loss, system disruption, or other damages caused by a cyber incident — even where the incident caused financial losses. Some companies have included standard warnings…
FDIC: 2011 FIS Breach Worse Than Reported
More fascinating reporting by Brian Krebs: A 2011 hacker break-in at banking industry behemoth Fidelity National Information Services (FIS) was far more extensive and serious than the company disclosed in public reports, banking regulators warned FIS customers last month. The disclosure highlights a shocking lack of basic security protections throughout one of the nation’s largest…