Dissent Doe 
Benworth Capital Partners negotiated with threat actors after more than 25,000 lenders had data stolen:
Thanks, Mathew! I just sent your new story on Scattered Spider to ShinyHunters to ask for his reaction, because it's clear from your reporting that not everyone went dark or silent.
His first response was "Ah crap."
That pretty much sums things up, doesn't it? đ
I'll see if I get a more detailed response from him at some point. :)
Connex Credit Union notifies 172,000 members of hacking incident that involves their debit card numbers, Social Security Numbers, and other info:
https://databreaches.net/2025/08/10/connex-credit-union-notifies-172000-members-of-hacking-incident/
State Legislation : Rhode Island Enacts New Financial Institutions Cybersecurity Law With Immediate Effect:
"On April 11, 2025, the North Dakota governor signed H.B. 1127 (the âActâ), which establishes new data security measures and breach notification obligations for financial corporations. Covered entities include those that are regulated by the North Dakota Department of Financial Institutions and exclude financial institutions, such as banks, and credit unions."
Read more about the provisions of the new law on Hunton Andrews Kurth:
I very seldom see data breach notifications from North Dakota, but it's interesting to note that the state has now enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers.
Read about the law's data protection and breach notification requirements: https://natlawreview.com/article/north-dakota-expands-data-security-requirements-and-issues-new-licensing
#databreach #legislation #infosecurity #notification #FinSec #NorthDakota
NY Attorney General James Announces Court Win Allowing Lawsuit Against Citibank to Continue
"[NY] sued Citi, one of the largest banks in the country, for failing to protect its consumers when they fall victim to fraud. The lawsuit alleges that scammers can steal from Citiâs customers because the bank fails to implement strong data security and anti-breach practices. As a result of Citiâs inadequate security, ineffective monitoring systems, and failure to respond in real-time and properly investigate fraud claims, New Yorkers have lost millions to scammers. "
Scattered Spider Hacking Gang Arrests Mount With Teen:
Remington Ogletree (aka "Remi") arrested and charged with wire fraud and aggravated identity theft.
This teen had jaw-droppingly bad opsec, and to add to it, he used a crypto laundering service on TG that was actually an undercover FBI operation.
https://databreaches.net/2024/12/05/scattered-spider-hacking-gang-arrests-mount-with-teen/
#ScatteredSpider #FinSec #Telecoms #Hack #phishing #infosec #databreach
NYDFS Superintendent Adrienne A. Harris Issues New Guidance to Address Cybersecurity Risks Arising from Artificial Intelligence
"This guidance does not impose new requirements, it helps DFS-regulated institutions meet their existing obligations in the Departmentâs cybersecurity regulation in light of evolving risks from AI."
Direct link to guidance letter:
https://www.dfs.ny.gov/industry-guidance/industry-letters/il20241016-cyber-risks-ai-and-strategies-combat-related-risks
Today's insider threat story concerns a ruling by the Australian Financial Complaints Authority that held HSBC liable for money a customer lost to a rogue employee who was a scammer.
#HSBC may now be liable for all of the losses incurred by their other customers who also lost money due to a scam in which the scammer used the bank's real messaging system and their access to customer account info to scam the customers out of their money.
Direct link to #AFCA decision: https://my.afca.org.au/searchpublisheddecisions/kb-article/?id=f9f8941f-7379-ef11-ac20-000d3a6acbb4
