Data breaches

Flagstar’s data breach, and what banks can learn from it


The Michigan bank is the latest company to have customer data compromised through a software vulnerability. The incident reinforces the importance of attack simulations, constant searches for intrusions and exchanges of intel with peers.


Banks would have 36 hours to report cyberattacks under proposed rules


Federal banking agencies want to give the industry a hard deadline for notifying their regulators about serious security breaches and failed system upgrades.


Bank regulators mull stricter rules for reporting of data breaches


It has been 15 years since the federal banking agencies issued guidance on an institution’s obligation to inform its regulator about a cyberattack. A proposal to be unveiled this week could establish a more specific notification deadline.


OCC fines Morgan Stanley $60 million for 2016 data breach


The regulator found that the financial services company failed to take precautions in disposing of hardware that contained sensitive customer information.


Capital One to pay $80M in connection with massive data breach


Regulators found fault with the bank’s cloud migration efforts in the years that preceded a 2019 hacking incident.


Challenger bank Dave suffers data breach affecting all 7.5 million customers


Over the weekend, hackers broke in through a third-party vendor to steal names, email addresses and other personally identifiable information.


Put bank exam council in charge of data privacy


The Federal Financial Institutions Examination Council is best suited to craft uniform policies to protect consumer data. A patchwork of state rules is cumbersome.