Security News

Spanish financial giant Santander has downplayed claims its international money transfer startup PagoFX was compromised. At the end of last week, The Register was contacted by an anonymous source who claimed "Database schemas, infrastructure docs, digital risk assessments, customer security checks, and Salesforce training material" belonging to PagoFX had been stolen and put up for sale on an underground hacking forum.

The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was "a shocking act." Distressed patients flooded victim support services over the weekend as Finnish police revealed hackers accessed records belonging to private company Vastaamo, which runs 25 therapy centres across Finland.

The European Union has imposed sanctions on a Russian military malware developer and the commander of Russia's MI6 equivalent, a mere five years after the two targeted Germany's parliament with a cyberattack. The pair, an admiral commanding the GRU spy agency and a malware dev already on international sanctions lists for targeting the MH17 mass murder investigation, are now subject to yet another travel ban.

The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense. The New York State Department of Financial Services made the determination in a lengthy report on the Twitter hack in July after the Justice Department said two teenagers and a 22-year-old took over more than 100 prominent Twitter accounts, including the accounts of former President Barack Obama and former Vice President Joe Biden.

I think my husband's arrived at like, 1:30 or something in the morning, Thursday morning, so they kind of sent this out under cover of darkness, which I'm sure they want to minimize the publicity around it, but that's not going to happen because it's Barnes and Noble. Over the weekend, the Nook e-book reader - which my mom has one of those and they're kind of awesome - but the syncing feature for that went down and there was this outage that continued and it just kind of trended on a low level, nobody really knew what was going on.

Britain's information commissioner has fined British Airways 20 million pounds for failing to protect personal data for some 400,000 customers, the largest fine the agency has ever issued. The ICO said in a statement Friday that the airline was processing personal data without adequate security measures.

British Airways is to pay a £20m data protection fine after its 2018 Magecart hack - even though the Information Commissioner's Office discovered the airline had been saving credit card details in plain text since 2015. It also condemned BA's claims during fine negotiations that credit card data breaches are "An entirely commonplace phenomenon" and "An unavoidable fact of life".

Hackers needed roughly 24 hours to take over high-profile Twitter accounts in the July attack, a report from the New York Department of Financial Services reveals. A couple of weeks after the incident, Twitter revealed that hackers targeted some employees with phone phishing until gaining access to the account support tools they needed.

American financial regulators in New York have demanded Twitter be subject to harsher rules following the July hacks of prominent users' accounts - as CEO Jack Dorsey furiously backpedals after his website censored a news article from a US newspaper. The New York State Department of Financial Services demanded that Twitter be subject to more "Cybersecurity protections", controlled and overseen, naturally, by itself.

UPDATE. Barnes & Noble is warning that it has been hacked, potentially exposing personal data for shoppers - and offering phishers an early holiday gift. In any event, Barnes & Noble said that its IT team "Doesn't know" yet if customer info was exposed, but the systems that were hit contained personal data, so it may have been.