Data breaches

The threat actor Sp1d3r posted an ad for the stolen data on Wednesday. Truist said the October breach is not related to a campaign by the same criminal group.

Financial Business and Consumer Solutions disclosed a February breach in April and recently disclosed an expanded victim count. The company faces a class action lawsuit.

The attack is one of three major incidents the lender has suffered in the past three years.

Bank of America, Citi and Navy Federal are among banks and credit unions to recently manage through unforeseen challenges.

Customers with deferred compensation plans at the bank had personally identifiable information compromised through a third party, Infosys McCamish.

The cybersecurity leaders argued in a recent court briefing that the SEC's lawsuit against the SolarWinds CISO could harm the profession at large.

The Federal Reserve's vice chair for supervision also said he expects cyber threats against the financial services industry to become increasingly disruptive.

Many of the attack vectors, including ransomware and phishing, will likely continue to plague the industry through 2024.

A third-party provider for credit unions failed to fix a long-patched vulnerability, according to a cybersecurity researcher who has studied the situation.

While ransomware group Alphv/Blackcat claims to have orchestrated the incident, title insurance company Fidelity National Financial has not yet stated whether confidential data was compromised.

The cybercriminals said a new SEC rule required loan software company MeridianLink to report last week's breach, but the rule does not take effect until next month.

The bank suffered its third breach in three years, this time by virtue of a vulnerability in Progress Software's file-transfer system. But Flagstar is only one of many such victims.

Ongoing disruptions and a reported ransom payment highlight the complexity of cybercrime networks and the pitfalls of paying ransoms.

One security researcher said the total number of consumers who had data stolen in MoveIt breaches exceeds 20 million, and more are expected to be reported.

The February attack on the title loan company exposed Social Security numbers and possibly driver's licenses and passports. Eleven other financial companies have reported hacks this year.

Using compromised identities, fraudsters could simply skip security questions to obtain credit files loaded with sensitive information.

Hacks of banks, credit unions and insurance companies compromised the data of millions of consumers, who filed a flurry of class actions in response.

The Office of the Comptroller of the Currency has stopped requiring the bank to provide quarterly progress reports about its efforts to mitigate cloud computing risks.

A class action said the company, which has suffered two breaches in the past year, also was responsible for a larger breach and “downplayed” the situation when it notified consumers.

Financial institutions need to begin sharing profiles of fraudsters posing as legitimate customers. The technology to do it securely is already available.