Data breaches

The hack prompts renewed concerns about security of data held in the cloud; lawmakers acknowledge that Facebook’s proposed Libra cryptocurrency could have applications for law enforcement.

The ongoing availability of stolen account information used to perpetrate vishing and phishing was exacerbated by the Capital One data breach disclosed this week, affecting 100 million accounts, and is likely to increase fraud threats.

A breach that compromises personal data of more than 100 million people is never good, but the company did follow some security best practices.

Capital One Financial lost data from as many as tens of millions of credit card applications after a Seattle woman hacked into a cloud-computing company server, federal prosecutors in Seattle said.

Consumers are looking forward to $125 settlement checks from Equifax Inc. stemming from a data breach two years ago. Hackers, however, are using the claims as another opportunity to steal their personal information.

Bank posts its best second quarter since 2010 after a disappointing Q1; Cerberus in talks to buy loans at the center of a major accounting error.

Equifax Inc. agreed to pay up to $700 million to resolve U.S. federal and state investigations into the 2017 hack that compromised some of the most sensitive information of more than 140 million people.

Firm will pay $700 million to settle issues stemming from data breach; don’t expect JPM CFO Jennifer Piepszak, or anyone else, to be named heir apparent.

The agreement with authorities including the Federal Trade Commission and state attorneys general — and possibly the Consumer Financial Protection Bureau — may be announced as soon as Monday.

A bill by Rep. Patrick McHenry, R-N.C., would give the CFPB authority to oversee cybersecurity efforts at the credit bureaus.

An employee at a Canadian cooperative recently stole nearly 3 million members’ personal data. Here’s why it matters to U.S.-based credit unions.

The watchdog and three Democratic lawmakers urged the agencies to stop using knowledge-based verification methods to grant access to their online portals.

Financial institutions have different levels of breach protection than health care, heightening the risk, according to Brad Keller, senior vice president and program director at Shared Assessments.

Companies must be more prepared to defend user data from malicious outsiders, or suffer the consequences of lawsuits, sanctions from data privacy laws, decreased user trust, tarnished brand reputation, damaged investor relations and more, writes Ben Goodman, vice president of global strategy and innovation at ForgeRock.

Data protection strategies need to consider how data travels and how that impacts vulnerabilities and breach risk, according to comforte AG's Jonathan Deveaux.

Some technology upgrade can leave databases open to the public internet, creating more risk for payment credential exposure and other risks, contends Ameya Talwalkar, co-founder and chief product officer of Cequence Security.

In the era of big data, a more thorough, data-centric approach is needed for security than the traditional encryption of the past, argues comforte AG's Jonathan Deveaux.

Given the risks of improperly securing a multicloud environment, it's crucial to engage with partners who understand networking, says Mounir Hahad, head of threat research for for Juniper Networks.

Some contracts are not "adequately" defining which party — the bank or the vendor — is responsible for managing risks, the agency said.

The watchdog’s report — requested by Sen. Elizabeth Warren, D-Mass., and Rep. Elijah Cummings, D-Md. — called for civil money penalty authority and better supervision to guard consumer data.