Finance

Who: Fidelity Investments Life Insurance Co. disclosed that over 28,000 of its customers may have had their personal information compromised.

What: The data breach, discovered in October 2023, occurred due to an unauthorized third party gaining access to customer information held by third-party services provider Infosys McCamish Systems (IMS).

Impact: Affected customers' personal data, including names, Social Security numbers, state of residence, bank account and routing numbers, and birthdates, may have been exposed. Fidelity emphasized its commitment to the security of personal information and is providing free credit monitoring and identity restoration services for 24 months. This breach adds to a series of recent cybersecurity incidents affecting various companies, highlighting the ongoing challenges of safeguarding sensitive information.

Read the full article HERE

Who: American Express customers are affected by the data breach. The incident resulted from a hack at a third-party merchant processor, not a breach at American Express directly.

What: Customer credit cards were exposed in a data breach at a third-party service provider engaged by multiple merchants. The breach led to unauthorized access to the account information of some American Express Card Members, including account numbers, names, and card expiration data.

Impact: The breach raises concerns about the security of third-party service providers in the payment processing chain. While American Express asserts that its systems were not compromised, the incident highlights the risks associated with the broader payment ecosystem. The number of affected customers, the identity of the breached merchant processor, and the timeline of the attack remain unclear. American Express advises affected customers to review account statements, enable fraud alerts, and consider requesting new card numbers to mitigate potential…

LONDON, Nov 13 (Reuters) - China's biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify.

ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Nov. 9, did not immediately respond to a request for comment.

"They paid a ransom, deal closed," the Lockbit representative told Reuters via Tox, an online messaging app.

The blackout at ICBC's U.S. broker-dealer left it temporarily owing BNY Mellon BK.N $9 billion, an amount many times larger than its net capital.

The hack was so extensive that even corporate email at the firm ceased to function, forcing employees to switch to Google mail, Reuters reported.

Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022.

The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.

The fault stemmed from discrepancies between Revolut's U.S. and European systems, causing funds to be erroneously refunded using its own money when some transactions were declined.

The problem was first detected in late 2021. But before it could be closed, the report said organized criminal groups leveraged the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined." The refunded amounts would then be withdrawn from ATMs.

The exact technical details associated with the flaw are currently unclear.