Travelex ransomware attack disrupted cash deliveries to major international banks. U.K. banks Barclays PLC and Lloyds Banking Group PLC, as well as Australia’s West Banking Corp., were unable to take orders from branches that rely on foreign-currency exchange company Travelex to supply cash, the WSJ reports. Travelex’s website and app have been offline since the company suffered a ransomware attack on New Year’s Eve. The British and Australian banks shut off their online retail foreign-currency exchange services, which are outsourced to Travelex. The banks confirmed the disruptions were the result of the Travelex outage. Travelex helps financial
institutions manage supplies of foreign bank notes and also operates a global network of retail foreign-exchange kiosks in airports and other locations.
Old-fashioned way: Agents working in the exchange kiosks have resorted to working manually and issuing handwritten receipts.
Wells Fargo struggles with aging tech. Software vulnerabilities and cybersecurity gaps are among the byproducts of older computer systems at the bank, the WSJ reports. The situation makes it harder to satisfy regulators and hampers key businesses. Tech workers at the bank are toiling to satisfy problems regulators have cited. Some relate to mundane topics like improving systems that control employee building access, according to a person familiar with the matter. A spokesman said the bank has made a number of improvements to its technology offerings, including card-free ATMs and contactless debit cards.
CISO shuffle: Gary Owen joined the bank as chief information security officer in May 2019, from WarnerMedia. He replaced Wells Fargo’s longtime cybersecurity chief, Rich Baich, who left the month before to be CISO at American International Group Inc.
Landmark Facebook settlement still working its way through court. Almost six months after Facebook Inc. agreed to a $5 billion settlement of privacy violations, the issue is anything but settled, the WSJ reports. The deal with the Federal Trade Commission, announced in July to settle allegations that Facebook broke promises to protect users’ privacy, is under review by a federal judge, who has been weighing objections from opponents.
Deadline this month: Judge Timothy Kelly of the U.S. District Court for the District of Columbia has ordered Facebook and the government to file by Jan. 24 written responses to privacy advocacy groups critical of the settlement. The groups’ chief complaint is a provision releasing Facebook from liability for past missteps, including any unfair or deceptive actions the FTC was aware of as of June 2019.
Defense: Facebook and the FTC have defended the record penalty and related requirements for the company, saying it will reshape how the company considers users’ privacy.
Russian hackers adapt tactics ahead of 2020 election. U.S. government officials are concerned about Russian hackers’ plans to interfere in the 2020 election, the New York Times reports. While companies and government agencies in the U.S. have improved cyber defenses since the 2016 presidential election, Russian hackers now use different tools and strategies to evade detection. The Internet Research Agency, which was behind online disinformation campaigns in 2016, now uses encryption tools to communicate.
Ransonware from Russia? The Department of Homeland Security is investigating whether Russian hackers are responsible for any ransomware attacks on U.S. cities and towns last year. U.S. officials said the attacks revealed security weaknesses that could be exploited during the 2020 election.
Iranian hackers linked to "password-spraying" attacks on U.S. utilities. Hackers backed by Iran are behind a campaign that targeted U.S. electric utilities with cyberattacks that guess common passwords for many different accounts, Wired reports. The practice is known as “password spraying.” Cybersecurity company Dragos Inc. attributed the activity to the hacker group Magnallium, which researchers have previously linked to Iran. A related group targeted U.S. utilities through security flaws in virtual private networking software. The two groups operated throughout 2019 and are still active, according to Dragos. The company didn’t say whether the campaigns resulted in successful security
breaches.
U.K. regulator fines retailer $654,000 for data breach. The U.K. Information Commissioner’s Office fined Dixons Carphone PLC £500,000 ($654,000) for a data breach the company discovered last summer, the Guardian reports. Malware infected 5,390 cash registers in the company’s Currys PC World and Dixons Travel stores between July 2017 and April 2018. Hackers collected payment-card data from 5.6 million people and personal information such as email addresses and details of failed credit checks from around 14 million people, the regulator said. The fine was the maximum sanction possible because the violation took place before Europe’s General Data Protection Regulation went into effect in May
2018. The GDPR allows regulators to impose higher fines.
|