Data breaches

The identity management company, which has many bank clients, said it learned the extent of a January breach five days before hackers told the world about it.

The cybercriminal group N4ughtySecTU claimed to have stolen 54 million personal records from the credit bureau and demanded $15 million.

Morgan Stanley agreed to pay $60 million to settle a class action suit by consumers claiming the firm failed to safeguard their personal information.

Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.

With the Colonial Pipeline attack still in the news, bank CEOs testifying at a recent hearing cited cyber risk as the biggest threat facing the industry. But members of Congress did not share those concerns, and instead were more focused on criticizing banks about overdraft fees and their level of investment in minority communities.

The Tennessee company said an unauthorized party gained access to dozens of accounts and obtained less than $1 million from some of those accounts.

The Michigan bank is the latest company to have customer data compromised through a software vulnerability. The incident reinforces the importance of attack simulations, constant searches for intrusions and exchanges of intel with peers.

Federal banking agencies want to give the industry a hard deadline for notifying their regulators about serious security breaches and failed system upgrades.

It has been 15 years since the federal banking agencies issued guidance on an institution’s obligation to inform its regulator about a cyberattack. A proposal to be unveiled this week could establish a more specific notification deadline.

It's important that breach mitigation strategies take younger people, gaming and school into account, says ForgeRock's Ben Goodman.

Good communication is integral to facilitating collaboration between departments and offering a reminder that security is not achieved solely within the IT department; rather, it is a team effort, says KnowBe4's Javvad Malik.

The regulator found that the financial services company failed to take precautions in disposing of hardware that contained sensitive customer information.

It’s about time that we stopped ranking personal data theft on perceived severity. Any breach in which personal data is stolen needs to be treated as highly serious and punishable, says Juniper Networks’ Laurence Pitt.

This information can be used to access bank accounts and combined with other information on the dark web to access social media profiles, email accounts and more, says Jumio's Robert Prigge.

Businesses must take steps to manage Shadow Code data breach risk by applying timely security patches and upgrading vulnerable open source libraries and third-party plugins, says PermiterX's Ameet Naik.

The actual exposure could be more than ten times the initial breach, due to downstream sales of data, says Bitglass' Anurag Kahol.

Regulators found fault with the bank’s cloud migration efforts in the years that preceded a 2019 hacking incident.

Over the weekend, hackers broke in through a third-party vendor to steal names, email addresses and other personally identifiable information.

The Federal Financial Institutions Examination Council is best suited to craft uniform policies to protect consumer data. A patchwork of state rules is cumbersome.

The Federal Financial Institutions Examination Council is best suited to craft uniform policies to protect consumer data. A patchwork of state rules is cumbersome.