#finsec — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #finsec, aggregated by home.social.
-
Benworth Capital Partners negotiated with threat actors after more than 25,000 lenders had data stolen:
-
Thanks, Mathew! I just sent your new story on Scattered Spider to ShinyHunters to ask for his reaction, because it's clear from your reporting that not everyone went dark or silent.
His first response was "Ah crap."
That pretty much sums things up, doesn't it? 😂
I'll see if I get a more detailed response from him at some point. :)
-
Connex Credit Union notifies 172,000 members of hacking incident that involves their debit card numbers, Social Security Numbers, and other info:
https://databreaches.net/2025/08/10/connex-credit-union-notifies-172000-members-of-hacking-incident/
-
State Legislation: Rhode Island Enacts New Financial Institutions Cybersecurity Law With Immediate Effect:
-
"On April 11, 2025, the North Dakota governor signed H.B. 1127 (the “Act”), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions."
Read more about the provisions of the new law on Hunton Andrews Kurth:
-
I very seldom see data breach notifications from North Dakota, but it's interesting to note that the state has now enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers.
Read about the law's data protection and breach notification requirements: https://natlawreview.com/article/north-dakota-expands-data-security-requirements-and-issues-new-licensing
#databreach #legislation #infosecurity #notification #FinSec #NorthDakota
-
NY Attorney General James Announces Court Win Allowing Lawsuit Against Citibank to Continue
"[NY] sued Citi, one of the largest banks in the country, for failing to protect its consumers when they fall victim to fraud. The lawsuit alleges that scammers can steal from Citi’s customers because the bank fails to implement strong data security and anti-breach practices. As a result of Citi’s inadequate security, ineffective monitoring systems, and failure to respond in real-time and properly investigate fraud claims, New Yorkers have lost millions to scammers."
-
Scattered Spider Hacking Gang Arrests Mount With Teen:
Remington Ogletree (aka "Remi") arrested and charged with wire fraud and aggravated identity theft.
This teen had jaw-droppingly bad opsec, and to add to it, he used a crypto laundering service on TG that was actually an undercover FBI operation.
https://databreaches.net/2024/12/05/scattered-spider-hacking-gang-arrests-mount-with-teen/
#ScatteredSpider #FinSec #Telecoms #Hack #phishing #infosec #databreach
-
NYDFS Superintendent Adrienne A. Harris Issues New Guidance to Address Cybersecurity Risks Arising from Artificial Intelligence
"This guidance does not impose new requirements, it helps DFS-regulated institutions meet their existing obligations in the Department’s cybersecurity regulation in light of evolving risks from AI."
Direct link to guidance letter:
https://www.dfs.ny.gov/industry-guidance/industry-letters/il20241016-cyber-risks-ai-and-strategies-combat-related-risks
-
Today's insider threat story concerns a ruling by the Australian Financial Complaints Authority that held HSBC liable for money a customer lost to a rogue employee who was a scammer.
#HSBC may now be liable for all of the losses incurred by their other customers who also lost money due to a scam in which the scammer used the bank's real messaging system and their access to customer account info to scam the customers out of their money.
Direct link to #AFCA decision: https://my.afca.org.au/searchpublisheddecisions/kb-article/?id=f9f8941f-7379-ef11-ac20-000d3a6acbb4
-
Israeli fintech Kima, Mastercard lab look to develop ‘DeFi credit card’ - Kima is seeking to bridge traditional and Web3 finance and make the user... - https://cointelegraph.com/news/israeli-fintech-kima-mastercard-defi-credit-card-project #israelinnovationauthority #decentralizedfinance #traditionalfinance #cybersecurity #bankaccounts #creditcards #mastercard #blockchain #innovation #startups #fintech #israel #finsec #kima #defi
-
loanDepot notifying 17 million customers after ransomware attack in January:
-
Hooray for NYS AG Letitia James. She has sued Citibank for poor security and failure to comply with #EFTA when consumers report #fraud or #theft.
Snippets from the press release:
"The OAG found that Citi’s systems do not respond effectively to red flags, such as scammers who are using unrecognized devices, are accessing accounts from new locations, or are changing banking passwords or usernames. Additionally, Citi systems do not flag and stop efforts to transfer funds from multiple accounts into a single account and then send tens of thousands of dollars out the door in minutes. Citi also does not automatically initiate investigations or report fraudulent activity to police or law enforcement authorities when consumers first report it to Citi."
"Under EFTA, banks such as Citi are required to reimburse their customers for money in their accounts that is lost or stolen through unauthorized electronic payments. However, Citi illegally exploited a narrow exception in these laws to deny consumer claims for reimbursement, resulting in millions of dollars in losses for New York consumers. Through this lawsuit, Attorney General James is seeking to stop Citi’s deceptive practices and to collect restitution for victims who were denied reimbursement in the last six years, penalties, and disgorgement."
Press release: https://ag.ny.gov/press-release/2024/attorney-general-james-sues-citibank-failing-protect-and-reimburse-victims
Direct link to complaint: https://ag.ny.gov/sites/default/files/2024-01/citi-complaint.pdf
-
NYS DFS is really rocking it in enforcement.
NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
Consent order:
https://www.dfs.ny.gov/system/files/documents/2024/01/ea20240104_genesis_global_trading_inc.pdf
Entities doing business in New York should really keep an eye on these enforcement actions by DFS and the AG's office on cybersecurity.
#cybersecurity #infosec #AML #FinSec #databreach #dataprotection