Harriet Alexander and Julie Lewis report: The privacy watchdog has ordered American Express to rectify security flaws in five of its data systems to guard against “insider threats” and to restrict employee access to specific customer information to protect vulnerable and high-profile customers. Privacy Commissioner Carly Kind found the payments giant had “failed to implement...

Source

The Bombay High Court granted interim relief to HDFC AMC after a ransomware group called “Morpheus” allegedly stole over 680 GB of sensitive company and investor data. The court barred unidentified hackers from publishing or sharing the information, warning that any leak could lead to identity theft, financial fraud and irreparable harm. The case will...

Source

Connor Jones reports: A US commercial bank just tattled on itself to the Securities and Exchange Commission (SEC) for plugging a bunch of customer data into an unauthorized AI application. Community Bank, which operates in southwestern Pennsylvania, Ohio, and West Virginia, filed an 8-K with the regulator on Monday, saying it launched an investigation into the internal...

Source

Melanie Waddell reports: William Galvin, Massachusetts’ top securities regulator, ordered Fidelity Brokerage Services on Monday to pay $1.25 million for failing to enforce appropriate cybersecurity controls that resulted in a data breach affecting about 77,000 customers. “After learning of the breach, Fidelity also failed to notify many impacted residents, including the relatives and minor children...

Source

Yonhap News reports: Lotte Card has been notified by the financial watchdog that it is liable for around 5 billion won ($3.38 million) in financial penalties and a business suspension of over four months over a massive data leak, informed sources said Thursday. The Financial Supervisory Service recently sent the notice to the credit card...

Source

From the Garante’s press release, below, it sounds like the banking group experienced an insider-wrongdoing breach in which an employee improperly accessed  3,573 customer accounts over a period of two years. Data breach: The Italian Data Protection Authority fines Intesa Sanpaolo €31.8 million for unauthorized access to the banking information of over 3,500 customers for...

Source

Abdelaziz Fathi reports: Blockchain analytics firm Elliptic said the $285 million exploit of Solana-based Drift Protocol shows multiple indicators associated with North Korea’s state-sponsored hacking groups. The firm’s assessment is based on onchain behavior, laundering patterns, and network-level signals that align with previous incidents attributed to DPRK-linked actors. The attack is the largest crypto exploit...

Source