The Michigan bank is the latest company to have customer data compromised through a software vulnerability. The incident reinforces the importance of attack simulations, constant searches for intrusions and exchanges of intel with peers.
Federal banking agencies want to give the industry a hard deadline for notifying their regulators about serious security breaches and failed system upgrades.
It has been 15 years since the federal banking agencies issued guidance on an institution’s obligation to inform its regulator about a cyberattack. A proposal to be unveiled this week could establish a more specific notification deadline.
The regulator found that the financial services company failed to take precautions in disposing of hardware that contained sensitive customer information.
The Federal Financial Institutions Examination Council is best suited to craft uniform policies to protect consumer data. A patchwork of state rules is cumbersome.