Jim Nash reports: A U.S. consumer finance regulator has published a circular warning that insufficient security for consumer biometric and other personal data is illegal under federal law. Multi-factor authentication is singled out as a method of making data security sufficient. Anyone reading that who still thinks it will never happen to them is invited…
Category: Financial Sector
NYDFS Proposed Amendments to Its Cybersecurity Rules
Patrick H. Haggerty and Elise Elam of BakerHostetler write: On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for…
Malaysian payment gateway platform iPay88 suffers data leak, card data may be compromised
Raymond Saw reports: If you typically use contactless payment methods, chances are that you’ve used iPay88 even without realising it. iPay88 is one of Malaysia’s biggest payment gateway platforms, providing point-of-sale solutions for plenty of merchants throughout Malaysia and the region. As such, it’s understandably quite worrying to know then that iPay88 has suffered a cybersecurity…
Three Defendants Sentenced In Fraud And Identity Theft Scam Targeting Customers Of Banks And Credit Unions
August 8 – U.S. District Judge Paul Maloney today sentenced Cedric Smith to a prison term of 70 months. His sentence is the last handed down in a West Michigan federal case charging three Miami, Florida residents with bank fraud and aggravated identity theft. In February 2021, a grand jury charged Cedric Smith, Daja Smith…
No Injury = No Article III Standing in Data Breach Class Action
Amy Brown Doolittle of Squire Patton Boggs writes: As we have discussed here at CPW, one of the biggest challenges facing a plaintiff in a data breach class action is to establish an injury from the alleged data breach. Earlier this week, in David De Midicis v. Ally Bank & Ally Fin., Inc., 2022 U.S. Dist. LEXIS…
DeBridge Team Foils Possible Lazarus Group Cyberattack
Tom Carreras reports: North Korean hacking syndicate Lazarus Group is thought to be behind a failed cyberattack on deBridge Finance yesterday. […] According to Smirnov, several members of the deBridge team received emails yesterday with PDFs attached to them entitled “New Salary Adjustments.” Downloading the file and submitting password information would have unleashed a data-collecting…