CUNA reports: NCUA issued a Letter to Credit Unions (23-CU-07) on the cyber incident notification requirements that go into effect Sept. 1. Credit unions will be required to notify the NCUA no later than 72 hours after the credit union reasonably believes it has experienced a reportable cyber incident or has received a notification...
Micaela McMurrough and Caleb Skeath of Covington & Burling write: Following up on the recent release by the New York Department of Financial Services (“NYDFS”) of an updated proposed second amendment to its “first-in-the-nation” Cybersecurity Regulation, 23 NYCRR Part 500 (proposed second amendment released June 28, 2023), it is not too late for companies to submit...
Marco A. De Felice of SuspectFile (aka @amvinfe) reports that BankCard USA (BUSA) recently paid the Black Basta ransomware group $50,000 ransom. But if BUSA hoped to keep the breach and payment out of the public eye, they should sit down before they read SuspectFile’s reporting, because it is going to make them sad....
Sergiu Gatlan reports: Law enforcement has detained a suspect believed to be a key member of the OPERA1ER cybercrime group, which has targeted mobile banking services and financial institutions in malware, phishing, and Business Email Compromise (BEC) campaigns. The gang, also known as NX$M$, DESKTOP Group, and Common Raven, is suspected of having stolen...
The Straits Times/ANN reports: Thirteen people, including a 16-year-old youth, were arrested for their suspected involvement in the recent spate of banking-related malware scam cases. Preliminary investigations showed that 10 of the 13 suspects, aged between 16 and 27, had allegedly facilitated the scam cases by sharing their bank accounts, Internet banking credentials and/or...
Victor Enengedi reports: A total sum exceeding N200 million has been collected by the Federal Government from at least seven banks and various other institutions. The Federal Government collected these payments from these financial institutions as a consequence of their infringement upon the data privacy rights of Nigerian citizens. Read more at Legit. (If...
The Justice Department unsealed charges related to the 2011 hack of the cryptocurrency exchange Mt. Gox and the operation of the illicit cryptocurrency exchange BTC-e. According to court documents, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, both Russian nationals, are charged with conspiring to launder approximately 647,000 bitcoins from their hack of Mt. Gox....
Neville Graham reports: With no indication of the extent of a data breach and cyberattack at investment firm Mayberry, the company yesterday urged clients to take immediate steps to protect themselves “against any possible adverse consequences”. In its second notice to its clients since Friday night, Mayberry yesterday asked them to actively monitor all...
Benjamin Wanger and Pierce T. Cox of BakerHostetler write: On February 9, 2023, the Department of Education Office of Federal Student Aid (“FSA”) issued an electronic notice regarding the Federal Trade Commission’s Final Rule amending the Standards for Safeguarding Customer Information (“Safeguards Rule”) under the Gramm-Leach-Bliley Act (“GLBA”). The amendments to the Safeguards Rule, which go...
FBI Identifies Cryptocurrency Funds Stolen by DPRK