Data breaches

The Cybersecurity Information Sharing Act, which has advanced far on Capitol Hill, promises to help businesses and government thwart cybercriminal attacks. But privacy advocates say the bill would make misuse of consumer data even easier.

Federal prosecutors on Tuesday charged three men in connection with the mass hack attack on JPMorgan Chase that took place in June 2014.

Buying stolen data is an effective way for banks to determine the source of a breach. But fraudsters are increasingly putting up roadblocks because such deals might make it tougher for them to break in next time.

Led by a team of financial services and regulatory veterans and young techies, Privacy.com represents the first mainstream attempt to build a business explicitly around transactional privacy in the era of Edward Snowden and Ashley Madison.

Hackers did not steal banking or payments data from Experian, but they might as well have. Breaches like the one sustained at the company call into question the entire system of identification that banks rely on to open accounts and conduct other everyday business.

Compared with other recent breaches, the theft of 6,400 user email addresses and passwords on the American Bankers Association's website might seem like small potatoes. But experts said the attack — the first in the association's history — was still significant and could have implications for banks.

A server containing sensitive consumer information at Experian has been breached, with the records of as many as 15 million T-Mobile customers stolen, the companies said Thursday.

In updating cards with EMV technology, Visa and MasterCard have neglected an important element of what makes the security standard so successful elsewhere. The need for PIN verification is clear.

Some critics argue that it's a bad idea to introduce chip cards without PIN requirements. But this debate is a distraction from the payments industry's robust and multifaceted efforts to fight cybercrime.

The collaboration between financial institutions and technology firms runs deep, but banks' recent criticism of lax regulatory oversight for nonbanks reveals fissures.

Atlanta-based bitcoin payment processor BitPay has suffered a phishing attack costing the company $1.8 million.

Fintech firm Tanium says it has found a unique method for securing the tens of thousands of vulnerable points in the computer networks of banks and other companies.

Banks are starting to lay traps for cybercriminals that have broken through their defenses.

Iron Mountain, the leading provider of document storage, is buying its main rival. If the merged company tried to raise prices, it might be the final straw that motivates banks to shift data storage to the cloud.

Software problems have recently plagued Bank of New York Mellon, HSBC and the New York Stock Exchange. Thorough testing and new quality standards can help financial institutions weed out weaknesses in their code that could (literally) break the bank.

A data breach-related court case involving Wyndham hotels and new Defense Department rules governing contractors provide banks some dos and don'ts in bringing vendors' security practices into line.

K2 Intelligence, an adviser on compliance and cybersecurity, has hired a former FBI cryptocurrency expert and a former regulator who worked on New York's digital currency regulations.

Old-fashioned banks and neobanks are both finding the battle for acquiring customers to be treacherous. So BankMobile, a mobile-first banking service, has launched an innovation lab-like division seeking new tech that could attract thousands of new customers per month.

Target Corp. reached a settlement with Visa Inc. over a hacker attack that struck the chain during the 2013 holiday season and exposed millions of customers' personal information.

Ashley Madison, an online extramarital dating service that claims to protect users' privacy and security, has had its customer database compromised.