Jun 102019

Tanya Chepkova reports:

Clients from the top three Russian banks entrusted their data — including phone numbers, addresses, and IDs — to the financial institutions. Now, this sensitive information is publicly available.

Databases with sensitive personal information about the clients of the top Russian banks — including Alfa Bank, the country’s largest commercial bank — leaked onto the Internet at the end of May, according to local media outlet Kommersant.

While the information from the compromised databases was gathered several years ago, a significant part of it is still relevant and can be used by unscrupulous crooks. Cybersecurity experts believe that people from those databases may be targeted by spammers or fall victim to scams.

Read more on BeinCrypto.

Jun 032019

Ben Grubb and Clancy Yeates report:

The private details of almost 100,000 Australian bank customers have been exposed in a cyber attack on the real-time payments platform PayID, which allows the instant transfer of money between banks using either a mobile number or email address.

The attack on Westpac, which also affects customers from other banks, has prompted a warning from computer security experts who say that the pilfered data could be used for fraud.

Read more on SMH.

May 142019

The Jakarta Post reports:

A network of credit card salespeople and bank employees have been trading the personal information of bank customers and credit card holders with each other in an effort to make quicker sales, as reported by Kompas daily in a recent investigation.
Personal information sold by the salespeople comprised a customer’s name, phone number, address and even their parents’ names.
Basic customer information, excluding their financial information, was sold for as low as Rp 300 (21 US cents) per piece of information. Personal information that included evidence of a customer’s financial health was typically sold for between Rp 20,000 and Rp 50,000 per piece of information.
Read more on The Jakarta Post.
May 112019

FirstBank, whose presence in the U.S. Virgin Islands is second only to Banco Popular’s, is canceling debit cards as soon as Monday because of what the bank described as a “possible external security” incident that affected the bank. The debit cards are being canceled, FirstBank said in emails sent to account holders, because accounts may have been compromised. Firstbank is also advising its customers to stay alert for the next 12 to 24 months and notify the bank of any suspicious activity.

Read more on The Virgin Islands Consortium.

Apr 302019

Craig A. Newman of Patterson Belknap writes:

The Securities and Exchange Commission is warning investment firms to step up their game when it comes to following the agency’s privacy rules. In a Risk Alert issued by the Office of Compliance Inspections and Examinations (OCIE), a laundry list of compliance “deficiencies or weaknesses” were identified in recent examinations of SEC-registered investment advisers and broker dealers.

Regulation S-P or the Safeguards Rule – the SEC’s primary rule regarding privacy – requires investment firms to “adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.”

Read more on Data Security Law Blog.