Data breaches

Eight states want the credit bureau to show what it’s doing to improve data security; Goldman, Morgan Stanley and Wells Fargo will be the focus of this set.

Under a consent order with Texas and seven other states, the Atlanta-based credit reporting firm agreed to shore up its information security efforts, but it will not have to pay any financial penalties.

The Dixons Carphone hack shows again that merchants and payment companies need to do more to make data unattractive to thieves, according to Robert Capps, vice president of NuData Security, a Mastercard Company.

PCI compliance can take time and is expensive, but it's a vital part of security and there are ways to mitigate the resource challenges, according to Justin Shipe, vice president of information security for CardConnect.

That’s the question executives of publicly traded banks are asking themselves as they try to make sense of new — and somewhat vague — guidance from the SEC on procedures for disclosing data breaches.

Many of these attacks have been server side ransomware and other sophisticated hacks, leading companies to examine the immature security processes, the technology of application security, and the insufficient expertise of development, writes Jeannie Warner, the security manager at WhiteHat Security.

We need to rethink how we acquire and manage consumer data, and any business using enterprise software needs to be accountable for how information is being processed, transported or shared, writes Chris Wong, CEO of LifeSite.

Canadian Imperial Bank of Commerce and Bank of Montreal are alerting clients that "fraudsters" claimed to have accessed personal and financial information of some customers.

Phishing is the likely culprit behind the recent Saks and Lord & Taylor breaches. Stronger email protection required to combat the threat, according to Matthew Vernhout, 250ok's director of privacy.

Deadlines imposed by U.S. and EU regulators are giving banks intercontinental whiplash.