Data breaches

Stories about data breaches, fraud and one neobank were reader favorites this year.

The Troy, Michigan-based lender and servicer faces at least seven lawsuits over a hack in June allegedly perpetrated by a known ransomware gang.

Six class action lawsuits seek over $5 million after an insider accessed sensitive records.

Companies that lack artificial intelligence governance may spend hundreds of thousands of dollars more in responding to cyberattacks, IBM found.

A security researcher found a database exposing names, addresses, and bills apparently belonging to Willow Pay, a fintech for short-term financing on bills.

2024 brought important issues front and center for bankers, ranging from the rise of artificial intelligence to the fall of banking-as-a-service.

The breach, which occurred earlier in November, did not directly impact customer operations, but a threat actor stole data meant for customers.

The four lawsuits allege that attackers stole members' Social Security numbers, among other data. Patelco has not yet confirmed whether any data was stolen.

Wise, Affirm and Bilt Rewards are among the seven fintechs whose customers' data has gotten tied up in the breach. The number of affected companies is likely to grow.

In this month's roundup of top banking news: a cease-and-desist issued by the Federal Reserve, high CFO turnover, the end of Chevron deference and more.

The threat actor Sp1d3r posted an ad for the stolen data on Wednesday. Truist said the October breach is not related to a campaign by the same criminal group.

Financial Business and Consumer Solutions disclosed a February breach in April and recently disclosed an expanded victim count. The company faces a class action lawsuit.

The attack is one of three major incidents the lender has suffered in the past three years.

Bank of America, Citi and Navy Federal are among banks and credit unions to recently manage through unforeseen challenges.

Customers with deferred compensation plans at the bank had personally identifiable information compromised through a third party, Infosys McCamish.

The cybersecurity leaders argued in a recent court briefing that the SEC's lawsuit against the SolarWinds CISO could harm the profession at large.

The Federal Reserve's vice chair for supervision also said he expects cyber threats against the financial services industry to become increasingly disruptive.

Many of the attack vectors, including ransomware and phishing, will likely continue to plague the industry through 2024.

A third-party provider for credit unions failed to fix a long-patched vulnerability, according to a cybersecurity researcher who has studied the situation.

While ransomware group Alphv/Blackcat claims to have orchestrated the incident, title insurance company Fidelity National Financial has not yet stated whether confidential data was compromised.