Archives: Financial Privacy

Subscribe to Financial Privacy RSS Feed

$90 Million Cyber Thefts From Banks Using SWIFT Network Raise Security Issues

In February 2016, attackers stole $81 million from the Bangladesh central bank’s account at the New York Federal Reserve Bank by hacking into the Bangladesh bank’s computer network and sending fraudulent messages through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment network. In January 2015, attackers netted $9 million in funds from an Ecuadorian … Continue Reading

PayPal Reaches Settlement With Texas Over Venmo Privacy and Security Disclosures

Venmo is a peer-to-peer mobile payments service that PayPal acquired in 2013. Users can transfer money to another person using a mobile or web application (e.g., send money to a friend to split the cost of dinner). On May 20, 2016, Texas Attorney General Ken Paxton announced that Texas had entered into an Assurance of … Continue Reading

Deeper Dive: Plan for Regulatory Scrutiny in Financial Services Data Security Incidents

Financial services industry companies were involved in 18% of the over 300 data security incidents we helped manage in 2015, and reported in our 2016 BakerHostetler Data Security Incident Response Report (the “Report”). After healthcare, the financial services industry was the second most affected industry according to the data we reported. It is not surprising … Continue Reading

Data Security in the Financial Industry: Five Key Developments to Keep An Eye on in 2016

According to a 2015 report on threats to the financial services sector, 41% of financial services organizations polled had experienced a data breach or failed a compliance audit in the previous year, and 57% listed preventing a data breach as their top IT priority.  Reflecting the ever-increasing awareness of threats to financial data security, 2015 … Continue Reading

Financial Institutions Privacy and Security – 2013 Year in Review

Throughout 2013, financial institutions continued to face serious threats from cybercriminals targeting the personal information of banking customers and their financial assets through the use of malicious software and denial of service attacks (DDoS).  In fact, according to the Verizon 2013 Data Breach Investigation Report, which is available here, thirty-seven percent of breaches this year … Continue Reading

Visa Loses Motion to Dismiss in Genesco Case – Are the Days for PCI Assessments Numbered?

Co-Authored by: Judy Selby In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and restitution arising out of fines and assessments levied by Visa in the wake of a massive data … Continue Reading

Vermont and North Dakota Amend Breach-Notice Laws

On May 13, 2013, Vermont Governor Peter Shumlin signed H.513 into law. The new law includes an amendment to Vermont’s Security Breach Notice Act, 9 V.S.A. § 2435. Previously, under § 2435, Vermont-regulated financial institutions were exempt from notifying any Vermont authority in case of a security breach involving personally identifiable data. The new law … Continue Reading

Proposed FFIEC Guidance on Financial Institution Social Media Use

The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance.  There is a 60-day comment period.  The purpose of the guidance is to help banks, savings associations, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau (CFPB) understand and address … Continue Reading

Bank Agrees to Reimburse Company for Funds Taken Through Online Bank Account Theft

We reported in July on a First Circuit Court of Appeals decision finding that a bank failed to implement commercially reasonable security methods to prevent unauthorized transfers by a criminal that gained the online banking credentials of a construction company.  The criminal was able to steal $345,000 from the construction company’s account.  It was then reported on … Continue Reading

Internet Banking Authentication Security Procedures Found Commercially Unreasonable

It is a common scenario—a company’s computer system becomes infected with some variant of the Zeus Trojan with a key logger that sends key strokes out to a command and control server operated by a criminal. The criminal searches the key strokes to find login credentials to that company’s Internet bank account, which are used … Continue Reading

SEC and CFTC Propose Identity Theft Prevention Rules

Reflective of an increased interest in data privacy concerns, on February 28, 2012, the Securities and Exchange and Commodity Futures Trading commissions jointly released proposed rules designed to protect investors from identity theft by mandating the creation of programs to detect potential security threats.  The proposed rules are meant to implement Title X of the … Continue Reading

Speier Introduces “Do Not Track Me Online Act of 2011”

The FTC—in its December 2010 online privacy report and testimony before Congress—discussed the need for a browser-based “Do Not Track” mechanism to give consumers greater control over behavioral advertising.  Under the “Do Not Track Me Online Act of 2011” (H.R. 654)—introduced by Rep. Speier (D-CA) on February 11—the FTC will have 18 months to establish … Continue Reading

Noteworthy Data Privacy and Information Security Events in 2010

The two events that drew the most attention in 2010, both of which occurred at year-end, were reports from the FTC and the Department of Commerce.  Below is a brief summary of those two reports and other issues drawing attention in the past year: (1) FTC Issues Long-Awaited Consumer Privacy Policy Report On December 1, … Continue Reading
LexBlog