Data breaches

The cybercriminals said a new SEC rule required loan software company MeridianLink to report last week's breach, but the rule does not take effect until next month.

The bank suffered its third breach in three years, this time by virtue of a vulnerability in Progress Software's file-transfer system. But Flagstar is only one of many such victims.

Ongoing disruptions and a reported ransom payment highlight the complexity of cybercrime networks and the pitfalls of paying ransoms.

One security researcher said the total number of consumers who had data stolen in MoveIt breaches exceeds 20 million, and more are expected to be reported.

The February attack on the title loan company exposed Social Security numbers and possibly driver's licenses and passports. Eleven other financial companies have reported hacks this year.

Using compromised identities, fraudsters could simply skip security questions to obtain credit files loaded with sensitive information.

Hacks of banks, credit unions and insurance companies compromised the data of millions of consumers, who filed a flurry of class actions in response.

The Office of the Comptroller of the Currency has stopped requiring the bank to provide quarterly progress reports about its efforts to mitigate cloud computing risks.

A class action said the company, which has suffered two breaches in the past year, also was responsible for a larger breach and “downplayed” the situation when it notified consumers.

Financial institutions need to begin sharing profiles of fraudsters posing as legitimate customers. The technology to do it securely is already available.

The identity management company, which has many bank clients, said it learned the extent of a January breach five days before hackers told the world about it.

The cybercriminal group N4ughtySecTU claimed to have stolen 54 million personal records from the credit bureau and demanded $15 million.

Morgan Stanley agreed to pay $60 million to settle a class action suit by consumers claiming the firm failed to safeguard their personal information.

Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.

With the Colonial Pipeline attack still in the news, bank CEOs testifying at a recent hearing cited cyber risk as the biggest threat facing the industry. But members of Congress did not share those concerns, and instead were more focused on criticizing banks about overdraft fees and their level of investment in minority communities.

The Tennessee company said an unauthorized party gained access to dozens of accounts and obtained less than $1 million from some of those accounts.

The Michigan bank is the latest company to have customer data compromised through a software vulnerability. The incident reinforces the importance of attack simulations, constant searches for intrusions and exchanges of intel with peers.

Federal banking agencies want to give the industry a hard deadline for notifying their regulators about serious security breaches and failed system upgrades.

It has been 15 years since the federal banking agencies issued guidance on an institution’s obligation to inform its regulator about a cyberattack. A proposal to be unveiled this week could establish a more specific notification deadline.

It's important that breach mitigation strategies take younger people, gaming and school into account, says ForgeRock's Ben Goodman.