It seems that yet another group of threat actors are trying the double-extortion method, replete with trying to get media coverage. “ALTDOS,” as they call themselves, contacted a number of news outlets in Thailand and online news sites to announce that they had attacked CGSEC on December 4. “A large Thailand SET public listed company…
Category: Financial Sector
River City Bank notifies customers after discovering insider wrongdoing
River City Bank had some explaining to do to customers. As described in their notification, a copy of which was submitted to the California Attorney General’s Office, the bank discovered a problem on September 29. An employee downloaded customer data to a personal storage drive and later sent it to a third party. The download…
Cayman Islands investment fund left entire filestore viewable by world+dog in unsecured Azure blob
Gareth Corfield reports: A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob. Details of the fund’s register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of…
ZA: Absa accuses employee of leaking customer data
Admire Moyo reports that Absa, one of the country’s largest banks, has disclosed a data breach that resulted in customer data being shared with external parties> In a statement to ITWeb, the bank says: “Absa advises that an employee has unlawfully made selected customer data available to a small number of external parties. The leaked…
CFPB to Play Peacemaker in Battle for Consumers’ Financial Data
Lydia Beyoud reports: The CFPB is ready to shape the next phase of open banking in the U.S. as it develops standards for how vast amounts of consumer financial data is shared among banks, fintech apps, and data transfer companies. Financial data sharing has been largely left in private-sector hands, but the Consumer Financial Protection…
State Financial Regulators Issue Ransomware Mitigation Tool
Kimberly Peretti, Amy Mushahwar, and Alysa Austin of Alston & Bird write: On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions mitigate the risks of ransomware. The R-SAT is a detailed questionnaire designed to evaluate the…