Data breaches

Despite what we assume are dedicated efforts to protect customer’s personal information, hackers are finding the loopholes in businesses’ process and technology data protection life cycle. It happened with Target in 2013, the Home Depot in 2014, and many others since, writes Todd Feinman, co-founder and chief product officer of Spirion.

Names, email, encrypted passwords and information related to Facebook and other networks are all at risk, according to Marty Puranik, CEO of Atlantic.Net.

When so many users trust large companies like Google with their personal data, it's up to these companies to disclose any compromise of the data security as early as possible, writes Aman Khanna, vice president of products for ThumbSignIn.

A former senior staffer at the Federal Deposit Insurance Corp. was found guilty of embezzling confidential information about banks from the agency before she left her post, and could face up to 20 years in prison.

It can be difficult for security analysts to pinpoint the abnormal behavior while sorting through huge amounts of data, according to Steve Moore, chief security strategist at Exabeam.

The Marriott incident will open the door to loyalty program fraud, account takeover and myriad other risks, writes Michael Reitblat, co-founder and CEO of Forter.

Republicans on the House Oversight Committee concluded that last year’s massive data breach at Equifax was fully preventable, but stopped short of recommending new laws aimed at averting future hacks. Democrats called the final report a “missed opportunity.”

Familiar recriminations and calls for legislation from lawmakers followed the massive hack of the Starwood hotel chain, but will Capitol Hill actually do anything?

Businesses need to prove that they have taken all possible actions to inform and mitigate the damage during an event, writes Ryan Wilk, vice president of customer success for NuData Security, a Mastercard company.

The comments by Brent McIntosh, Treasury's general counsel, are at odds with concerns by state regulators and consumer groups who fear that a national standard on how firms handle data breaches could weaken pre-existing rules.

Hotel and airline breaches have become far too common, according to Pravin Kothari, CEO of CipherCloud.

The bank says a calculation error led it to deny help to distressed homeowners; a former U.S. deputy attorney general will help with in the 1MDB fraud scandal.

The breach may have occurred through a technique called "credential stuffing," in which hackers who have stolen passwords for other websites try them out on an online banking site.

Main Street and Wall Street banks show strong earnings gains over last year; the president calls the Fed’s rate raising policies “my biggest threat.”

Consumers were scaling back Facebook usage even before last month's news of a massive data breach at the social network, leading some credit unions to question how they use the site.

Collaboration is a critical part of how we prevent cyberattacks from turning into breaches that put consumer payment card data at risk, writes Lance Johnson, executive director of PCI SSC.

The law gives residents more — and welcome — control over their data. But it will take work for credit unions to meet the new requirements, such as possibly having to amend third-party vendor agreements.

State regulators and advocacy groups say a federal breach notification standard could supersede state laws that already benefit consumers.

Once personal and financial information is accessible to criminals, it feeds the pipeline of future cybercrime for years to come, writes Ryan Wilk, vice president of customer success for NuData Security.

While nearly all banks, financial institutions and other organizations have a disaster recovery strategy in place, it’s clear that these plans are not enough to ensure these organizations remain online, regardless of what happens, according to Gijsbert Jassen van Doorn, technology evangelist at Zerto.