home.social

#finsec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #finsec, aggregated by home.social.

  1. @euroinfosec @zackwhittaker

    Thanks, Mathew! I just sent your new story on Scattered Spider to ShinyHunters to ask for his reaction, because it's clear from your reporting that not everyone went dark or silent.

    His first response was "Ah crap."

    That pretty much sums things up, doesn't it? 😂

    I'll see if I get a more detailed response from him at some point. :)

    #databreach #finsec #ScatteredSpider

  2. Connex Credit Union notifies 172,000 members of hacking incident that involves their debit card numbers, Social Security Numbers, and other info:

    databreaches.net/2025/08/10/co

    #databreach #FinSec #cybersecurity

  3. "On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions."

    Read more about the provisions of the new law on Hunton Andrews Kurth:

    hunton.com/privacy-and-informa

    #NorthDakota #databreach #datasecurity #FinSec #law

  4. I very seldom see data breach notifications from North Dakota, but it's interesting to note that the state has now enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers.

    Read about the law's data protection and breach notification requirements: natlawreview.com/article/north

    #databreach #legislation #infosecurity #notification #FinSec #NorthDakota

  5. NY Attorney General James Announces Court Win Allowing Lawsuit Against Citibank to Continue

    "[NY] sued Citi, one of the largest banks in the country, for failing to protect its consumers when they fall victim to fraud. The lawsuit alleges that scammers can steal from Citi’s customers because the bank fails to implement strong data security and anti-breach practices. As a result of Citi’s inadequate security, ineffective monitoring systems, and failure to respond in real-time and properly investigate fraud claims, New Yorkers have lost millions to scammers. "

    ag.ny.gov/press-release/2025/a

    #databreach #fraud #FINsec #Citibank

  6. Scattered Spider Hacking Gang Arrests Mount With Teen:

    Remington Ogletree (aka "Remi") arrested and charged with wire fraud and aggravated identity theft.

    This teen had jaw-droppingly bad opsec, and to add to it, he used a crypto laundering service on TG that was actually an undercover FBI operation.

    databreaches.net/2024/12/05/sc

    #ScatteredSpider #FinSec #Telecoms #Hack #phishing #infosec #databreach

  7. NYDFS Superintendent Adrienne A. Harris Issues New Guidance to Address Cybersecurity Risks Arising from Artificial Intelligence

    "This guidance does not impose new requirements, it helps DFS-regulated institutions meet their existing obligations in the Department’s cybersecurity regulation in light of evolving risks from AI."

    Direct link to guidance letter:
    dfs.ny.gov/industry-guidance/i

    #AI #cybersecurity #NYDFS #FinSec

  8. Today's insider threat story concerns a ruling by the Australian Financial Complaints Authority that held HSBC liable for money a customer lost to a rogue employee who was a scammer.

    #HSBC may now be liable for all of the losses incurred by their other customers who also lost money due to a scam in which the scammer used the bank's real messaging system and their access to customer account info to scam the customers out of their money.

    theage.com.au/national/dragged

    Direct link to #AFCA decision: my.afca.org.au/searchpublished

    #databreach #fraud #insiderthreat #scam #FINSec

  9. Today's insider threat story concerns a ruling by the Australian Financial Complaints Authority that held HSBC liable for money a customer lost to a rogue employee who was a scammer.

    #HSBC may now be liable for all of the losses incurred by their other customers who also lost money due to a scam in which the scammer used the bank's real messaging system and their access to customer account info to scam the customers out of their money.

    theage.com.au/national/dragged

    Direct link to #AFCA decision: my.afca.org.au/searchpublished

    #databreach #fraud #insiderthreat #scam #FINSec

  10. Today's insider threat story concerns a ruling by the Australian Financial Complaints Authority that held HSBC liable for money a customer lost to a rogue employee who was a scammer.

    #HSBC may now be liable for all of the losses incurred by their other customers who also lost money due to a scam in which the scammer used the bank's real messaging system and their access to customer account info to scam the customers out of their money.

    theage.com.au/national/dragged

    Direct link to #AFCA decision: my.afca.org.au/searchpublished

    #databreach #fraud #insiderthreat #scam #FINSec

  11. Today's insider threat story concerns a ruling by the Australian Financial Complaints Authority that held HSBC liable for money a customer lost to a rogue employee who was a scammer.

    #HSBC may now be liable for all of the losses incurred by their other customers who also lost money due to a scam in which the scammer used the bank's real messaging system and their access to customer account info to scam the customers out of their money.

    theage.com.au/national/dragged

    Direct link to #AFCA decision: my.afca.org.au/searchpublished

    #databreach #fraud #insiderthreat #scam #FINSec

  12. Today's insider threat story concerns a ruling by the Australian Financial Complaints Authority that held HSBC liable for money a customer lost to a rogue employee who was a scammer.

    #HSBC may now be liable for all of the losses incurred by their other customers who also lost money due to a scam in which the scammer used the bank's real messaging system and their access to customer account info to scam the customers out of their money.

    theage.com.au/national/dragged

    Direct link to #AFCA decision: my.afca.org.au/searchpublished

    #databreach #fraud #insiderthreat #scam #FINSec

  13. Hooray for NYS AG Letitia James. She has sued Citibank for poor security and failure to comply with #EFTA when consumers report #fraud or #theft.

    Snippets from the press release:

    "The OAG found that Citi’s systems do not respond effectively to red flags, such as scammers who are using unrecognized devices, are accessing accounts from new locations, or are changing banking passwords or usernames. Additionally, Citi systems do not flag and stop efforts to transfer funds from multiple accounts into a single account and then send tens of thousands of dollars out the door in minutes. Citi also does not automatically initiate investigations or report fraudulent activity to police or law enforcement authorities when consumers first report it to Citi."

    "Under EFTA, banks such as Citi are required to reimburse their customers for money in their accounts that is lost or stolen through unauthorized electronic payments. However, Citi illegally exploited a narrow exception in these laws to deny consumer claims for reimbursement, resulting in millions of dollars in losses for New York consumers. Through this lawsuit, Attorney General James is seeking to stop Citi’s deceptive practices and to collect restitution for victims who were denied reimbursement in the last six years, penalties, and disgorgement. "

    Press release: ag.ny.gov/press-release/2024/a

    Direct link to complaint: ag.ny.gov/sites/default/files/

    #FinSec #infosecurity #cybersecurity #UCC #enforcement

  14. NYS DFS is really rocking it in enforcement.

    NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs

    Press release:
    databreaches.net/nys-announces

    Consent order:
    dfs.ny.gov/system/files/docume

    Entities doing business in New York should really keep an eye on these enforcement actions by DFS and the AG's office on cybersecurity.

    #cybersecurity #infosec #AML #FinSec #databreach #dataprotection

    @campuscodi @euroinfosec