Data breaches

The cybersecurity leaders argued in a recent court briefing that the SEC's lawsuit against the SolarWinds CISO could harm the profession at large.

The Federal Reserve's vice chair for supervision also said he expects cyber threats against the financial services industry to become increasingly disruptive.

Many of the attack vectors, including ransomware and phishing, will likely continue to plague the industry through 2024.

A third-party provider for credit unions failed to fix a long-patched vulnerability, according to a cybersecurity researcher who has studied the situation.

While ransomware group Alphv/Blackcat claims to have orchestrated the incident, title insurance company Fidelity National Financial has not yet stated whether confidential data was compromised.

The cybercriminals said a new SEC rule required loan software company MeridianLink to report last week's breach, but the rule does not take effect until next month.

The bank suffered its third breach in three years, this time by virtue of a vulnerability in Progress Software's file-transfer system. But Flagstar is only one of many such victims.

Ongoing disruptions and a reported ransom payment highlight the complexity of cybercrime networks and the pitfalls of paying ransoms.

One security researcher said the total number of consumers who had data stolen in MoveIt breaches exceeds 20 million, and more are expected to be reported.

The February attack on the title loan company exposed Social Security numbers and possibly driver's licenses and passports. Eleven other financial companies have reported hacks this year.

Using compromised identities, fraudsters could simply skip security questions to obtain credit files loaded with sensitive information.

Hacks of banks, credit unions and insurance companies compromised the data of millions of consumers, who filed a flurry of class actions in response.

The Office of the Comptroller of the Currency has stopped requiring the bank to provide quarterly progress reports about its efforts to mitigate cloud computing risks.

A class action said the company, which has suffered two breaches in the past year, also was responsible for a larger breach and “downplayed” the situation when it notified consumers.

Financial institutions need to begin sharing profiles of fraudsters posing as legitimate customers. The technology to do it securely is already available.

The identity management company, which has many bank clients, said it learned the extent of a January breach five days before hackers told the world about it.

The cybercriminal group N4ughtySecTU claimed to have stolen 54 million personal records from the credit bureau and demanded $15 million.

Morgan Stanley agreed to pay $60 million to settle a class action suit by consumers claiming the firm failed to safeguard their personal information.

Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.

With the Colonial Pipeline attack still in the news, bank CEOs testifying at a recent hearing cited cyber risk as the biggest threat facing the industry. But members of Congress did not share those concerns, and instead were more focused on criticizing banks about overdraft fees and their level of investment in minority communities.