Matthew Hughes reports: Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. The email, seen by this publication, claims a service provider “unintentionally” posted user data to an unnamed “public software forum”. These records include biographical data (names, email addresses, and dates…
Category: Financial Sector
FCA fines Charles Schwab UK £8.96 million over safeguarding and compliance failures
The Financial Conduct Authority (FCA) has fined Charles Schwab UK Ltd (CSUK) £8.96 million for failing to adequately protect client assets, carrying out a regulated activity without permission and making a false statement to the FCA. Customers affected by the breaches were all retail customers, who require the greatest level of protection. Mark Steward, Executive…
Federal financial regulators propose computer-security incident notification for banks
Sindhu Ajay reports: The US Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation Friday proposed a new computer-security incident notification requirement for banking organizations and their bank service providers. The proposed rule would require a banking organization to provide its primary federal regulator a prompt notification of…
NEXA Mortgage sued over broker’s alleged data theft
James Kleimann reports: In a lawsuit filed last week, a mortgage brokerage claimed that one of its former loan officers stole a database containing client names and information and brought it with him to a new job at NEXA Mortgage. Smart Mortgage, which operates in Illinois, Indiana, Colorado and Florida, filed suit against former senior loan…
Investigation into Desjardins’ compliance with PIPEDA following a breach of personal information between 2017 and 2019
From the moment it was disclosed, it seemed clear that the Desjardins breach of 2019 that involved a rogue employee was going to cause big trouble for Desjardins. And sure enough, in one day, they were hit with two potential class action lawsuits. Desjardins subsequently announced they were expanding the mitigation services being offered, but…
Thai securities trading firm goes offline after cyberattack
It seems that yet another group of threat actors are trying the double-extortion method, replete with trying to get media coverage. “ALTDOS,” as they call themselves, contacted a number of news outlets in Thailand and online news sites to announce that they had attacked CGSEC on December 4. “A large Thailand SET public listed company…