Kiwibank is investigating how it sent 4200 customers an email or online bank statement with their own account number, name and address, but another person’s transaction history. The commissioner, John Edwards, said some people will be identifiable by the statements and information sent. Read more on RNZ.
Category: Financial Sector
NY Charges First American Financial for Massive Data Leak
Brian Krebs reports: In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in…
SEC’s OCIE Issues Ransomware Risk Alert
Kate Hanniford of Alston & Bird writes: On July 10, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. The Risk Alert is notable for its encouragement of financial services market participants more broadly and not just…
Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach
Hunton Andrews Kurth writes: The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form. The sanction was imposed following a data breach that took…
Hakbit ransomware campaign targeting specific European countries
Derek Kortepeter reports: Proofpoint researchers have published findings on a campaign involving the Hakbit ransomware. As their blog post states, the ransomware is being spread via spear-phishing emails targeted at individuals in “mid-level positions across the pharmaceutical, legal, financial, business service, retail, and healthcare sector.” The attacks, described as low-volume, are specifically targeting employees of organizations located in…
U.S. Deports Russian Hacker Convicted Of Stealing Almost $1 Million
There’s an update to a case previously noted on this site. From RadioFreeEurope/RadioLiberty: The United States has deported a Russian hacker who was sentenced to 48 months in prison for stealing hundreds of thousands of dollars from online banking accounts using malicious software known as NeverQuest. Officials from the Russian Embassy in the United States…