James Bradshaw reports: A 2017 data breach that exposed personal information belonging to more than 113,000 Bank of Montreal customers exploited “significant weaknesses” in the bank’s safeguards that have since been strengthened, according to a report from the Privacy Commissioner of Canada. BMO previously disclosed the breach in May, 2018, after receiving a ransom demand…
Category: Financial Sector
10 countries simulate cyber attack on global financial system
Steven Scheer of Reuters reports: Israel on Thursday led a 10-country simulation of a major cyber attack on the global financial system in an attempt to increase cooperation that could help to minimise any potential damage to financial markets and banks. The simulated cyber attack evolved over 10 days, with sensitive data emerging on the…
PNB denies cybersecurity firm’s claim that 180 million customers’ data was breached, but CyberX9 calls their denial “false and misleading”
Regina Mihindukulasuriya reports: The Punjab National Bank (PNB) has denied media reports that over 180 million customers’ data has been breached or exposed, adding that the bank is certified with ISO 27001 standards for information security practices. PNB responded to media reports published Sunday, based on the findings by Chandigarh-based cybersecurity firm CyberX9, with a statement the…
Polish DPA: Bank Millennium fined 80,000 EUR for failure to notify the breach and the data subjects about the incident
22 November 2021. Background information: Date of final decision: 14 October 2021; Cross-border case or national case: National case; Controller: Bank Millennium S.A.; Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), Communication of a personal data breach to the data subject (Article 34(1)); Decision: Infringement of the GDPR, fine…
US regulators order banks to report cyberattacks within 36 hours
Sergiu Gatlan reports: US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the…
Robinhood Security Breach Exposes Data on Millions of Users
Annie Massa reports: Robinhood Markets Inc. said personal information of about 7 million people — or roughly a third of its customers — was compromised in a data breach last week and that the culprit demanded payment. The intruder obtained email addresses of about 5 million people as well as full names for a separate group…