The Information Commissioner’s Office (ICO) has served the Bank of Scotland with a monetary penalty of £75,000 after customers’ account details were repeatedly faxed to the wrong recipients. The information included payslips, bank statements, account details and mortgage applications, along with customers’ names, addresses and contact details. The documents were faxed over a three year period, with the…
Category: Financial Sector
Employees of five client firms notified by Fidelity Investments that their data were exposed to the wrong parties
Fidelity Investments has reported a number of breaches this year, all involving exposure of information to the wrong people: On June 17, Fidelity notified the NH Attorney General’s Office that information (names and Social Security numbers) of Apria Healthcare plan members was accidentally included in a secure email sent to three employees of another client…
Redaction #FAIL: Software glitch Exposed Data on 150,000 Citi Customers in Bankruptcy Court Filings
Sean Sposito reports: In a case that could serve as a warning to other banks that contribute customer data to public storehouses, Citigroup this week acknowledged that it failed to safeguard the personal information — Social Security numbers, birth dates and other sensitive data — of nearly 150,000 consumers who went into bankruptcy between 2007…
St. Mary’s Bank notifies more than 115,000 customers after malware infection discovered
St. Mary’s Bank is a state-chartered community-based credit union in New Hampshire. On May 26, they discovered that one of their workstations was infected with malware that could have captured anything displayed on the screen. A forensic investigation discovered that 23 workstations could have been infected with the malware as early as February 2013. Although…
Appeals Court Sends Fiserv Data Breach Case Back to Trial
Robert McGarvey reports that a credit union’s lawsuit against Fiserv has been resurrected by a Tennessee court: The Court of Appeals in Tennessee, in a ruling filed July 3, ruled that a lower court erred when it dismissed a suit filed by Copper Basin Federal Credit Union and CUMIS against Fiserv Inc., wherein the plaintiffs…
1-800-Data Breach
Raj J. Patel reports: Despite the increase in cyberattacks, the Securities and Exchange Commission (SEC) has yet to publish guidelines as to when a corporation should publicly disclose the data loss, system disruption, or other damages caused by a cyber incident — even where the incident caused financial losses. Some companies have included standard warnings…