Senate Hearing Highlights Growing Risks of AI-Driven Fraud

The U.S. Senate Subcommittee on Consumer Protection held a hearing on AI-enabled fraud, focusing on deepfakes and scams. Lawmakers discussed potential liabilities and the need for stronger regulations, including updates to Section 230 and enhanced consumer protections. Witnesses emphasized the financial and reputational harm caused by AI-powered scams, with $10 billion lost to fraud in 2023 per the FTC. A global summit convened by President Biden also addressed AI safety. Future AI policies remain uncertain, with anticipated changes under President-elect Trump, who criticized current AI executive orders. Read more

Finastra Data Breach Exposes 400GB of Sensitive Information

Finastra, serving over 8,100 financial institutions, confirmed a data breach impacting its Secure File Transfer Platform. The attacker, alias "abyss0," exploited stolen credentials and exfiltrated 400GB of data, including sensitive client and operational documents. The breach, first advertised on BreachForums, involved IBM Aspera software for data transfer. Finastra replaced the compromised platform and notified affected clients within 24 hours. Investigations are ongoing to identify impacted customers and assess the scope of the breach. Read more

Amazon Affected by Data Breach Linked to MOVEit Vulnerability

Amazon confirmed a data breach exposed employee work contact information, including email addresses, phone numbers, and building locations, due to a security event involving its property management vendor. The breach, dating back to May 2023, is linked to the MOVEit file transfer vulnerability. Over 2.8 million lines of Amazon data were reportedly posted on a hacking forum, but no sensitive personal information like social security numbers or financial data was compromised. Other affected entities include MetLife, HP, and HSBC, with the perpetrator claiming possession of additional data. Amazon states its core systems remain secure. Read more

CFPB Highlights Gaps in Financial Data Privacy Protection

A CFPB report highlights gaps in U.S. privacy laws, especially regarding financial data. While federal laws like the GLBA and FCRA provide mature protections, they exempt financial institutions from newer state-level consumer privacy laws. This limits consumer rights like data access, deletion, and portability. The CFPB calls on states to reconsider exemptions, noting financial institutions' increasing data monetization. It emphasizes modern privacy law principles such as opt-in consent and data minimization, urging stronger protections amid growing regulatory shifts in financial data governance. Read more

Data Breach Exposes Personal Information of 56 Million Customers

A breach notification service revealed that personal data of 56,904,909 Hot Topic, Torrid, and Box Lunch customers was leaked online. The breach, linked to the MOVEit vulnerability and malware on a vendor's computer, includes names, emails, phone numbers, addresses, dates of birth, and partial credit card details. The hacker, using the alias "Satanic," claims access to a larger dataset and is demanding payment from Hot Topic. Hudson Rock confirmed the breach's credibility, but Hot Topic has yet to notify customers or release a public statement. Read more