Wendy's to pay $50M to settle data breach lawsuit

(Feb 15, 2019) Reuters reports Wendy’s has agreed to pay $50 million to resolve a lawsuit tied to its 2015 data breach. The lawsuit was brought forward by financial institutions that allege the restaurant chain’s negligence allowed malicious actors to steal payment card information. The $50 million settlement will be distributed to 7,500 banks and credit unions that had to issue 18 million payment cards compromised in the incident. The settlement will be finalized after it receives court approval.Full Story... Read More

EU reaches informal agreement on rules for law enforcement access to financial data

(Feb 14, 2019) Negotiators for the European Parliament and Council have informally agreed to new rules to improve law enforcement authorities’ access to financial data. The new measures would allow EU authorities to access bank account data to prevent, investigate and prosecute criminal activity. National competent authorities and financial intelligence units would be required to reply to any requests made by law enforcement in a timely manner under the rules. “We have taken another step in the fight against t... Read More

Senate committee seeks feedback on data-collection standards for financial institutions

(Feb 14, 2019) The U.S. Senate Banking Committee has sought feedback on potential data-collection and security standards for financial institutions, The Hill reports. The committee aims to find the best ways to give consumers more control over personally identifiable information gathered by financial organizations, particularly after the Equifax data breach. Leaders for the banking committee also call for improved data breach disclosure rules and standards to ensure data collected by credit agencies is accurat... Read More

EDPB approves accord for financial markets supervision, guidelines for no-deal Brexit

(Feb 13, 2019) Following its seventh plenary session, the European Data Protection Board has approved an "administrative arrangement" that was created by the European Securities and Markets Authority and International Organization of Securities Commissions to exchange market abuse data without violating Article 46(3)(b) of the EU General Data Protection Regulation. The arrangement will be submitted to relevant supervisory authorities for authorization at the national level. The EDPB also adopted two "informati... Read More

NY allows life insurers to use social media data to help set premium rates

(Feb 1, 2019) The New York State Department of Financial Services will now allow life insurers to use social media data and other forms of information to help set premium rates, The Wall Street Journal reports. Life insurers are permitted to incorporate this information into their processes as long as they can prove their algorithms are not biased against any marginalized groups. New York Financial Services Superintendent Maria Vullo said the department’s goal is to create a set of ground rules before the use... Read More

Op-ed: StatsCan data requests highlight important privacy debate

(Feb 1, 2019) In an op-ed for The Financial Times, Gillian Tett writes about whether companies should have to turn over private data to public bodies for statistical and policy purposes. Tett cites the debate around Statistics Canada’s request for banks to hand over customers’ financial data as the most notable occurrence of this debate. Tech groups have volunteered anatomized data to government bodies to assist in various efforts, but the conversation changes when dealing with industries that have strict pri... Read More

Discover files data breach notification with Calif. attorney general

(Jan 30, 2019) Discover Financial Services filed a data breach incident notification with the California attorney general's office, SC Media reports. Discover Director of External and Media Relations Jon Drummond said his company did not suffer a breach, but it filed the notification after it was informed “other outlets” have been impacted by incidents. Discover spotted the breach Aug. 13 and filed the report Jan. 25 but could not identify the information that may have been affected. The company has issued new... Read More

Judge rules Equifax must face data breach lawsuit

(Jan 30, 2019) U.S. District Judge Thomas Thrash ruled Equifax must face two class-action lawsuits tied to its 2017 data breach, Reuters reports. Despite the decision by the judge, parts of each lawsuit were dismissed. Meanwhile, TechCrunch reports the majority of the Fortune 100 companies have downloaded a vulnerable version of Apache Struts within the last six months, the same software Equifax had in place at the time of its breach.Full Story... Read More

Unprotected database exposes 24M financial, banking records

(Jan 24, 2019) An unprotected database found by a security researcher contained more than 24 million financial and banking records, TechCrunch reports. The records originated from various banks and contained customers’ names, addresses, birthdates, Social Security numbers, bank and checking account numbers, and other sensitive information. Bob Diachenko discovered the database on a server without any form of password protection. OpticsML, the owner of the server, shut it down Jan. 15 after it learned of the vu... Read More

SEC's GDPR concerns hampering European hedge funds

(Jan 14, 2019) European hedge funds have struggled to gain approval from the U.S. Securities and Exchange Commission due to the EU General Data Protection Regulation, the Financial Times reports. The SEC has asked companies that have attempted to register with the agency to provide assurance they can turn over information, such as trade records, financial statements and client profiles. The SEC has also considered asking companies that registered before the GDPR came into effect for the same assurances. Decher... Read More