The Office of Compliance Inspections and Examinations alerted firms to the increased prevalence of "credential stuffing," a cyberattack method that involves the use of automated scripts to attempt to log into customer accounts using stolen personal information.
FINRA warned members about imposter websites that use the names of registered representatives to fraudulently solicit information from potential customers.
President Trump issued an Executive Order directing ByteDance Ltd., the Chinese-owned parent company of social networking application TikTok, to divest its U.S. assets within 90 days.
FINRA warned members of a new imposter website that uses a domain name nearly identical to that of FINRA's, but contains an extra "n" (i.e., "finnra").
President Trump's threatened Executive Order "banning" social media application TikTok prompted Microsoft to announce that it would "continue discussions to explore a purchase of TikTok in the United States."
FinCEN alerted financial institutions to indicators of COVID-19-related cybercrime. The alert concerns (i) the exploitation of remote platforms, particularly against financial and healthcare systems, (ii) phishing, malware and extortion schemes, and (iii) business email compromise fraud.
The New York State Department of Financial Services filed charges against a title insurance company for exposing customers' sensitive personal information on its website.
The U.S. House Financial Services Subcommittee on National Security, International Development and Monetary Policy considered legislative proposals aimed at addressing fraud and cybersecurity vulnerabilities.
The Federal Financial Institutions Examination Council encouraged financial institutions to practice effective risk management concerning cloud computing services.
The California Attorney General proposed additional modifications to proposed regulations for the California Consumer Privacy Act. The Act went into effect on January 1, 2020, and will be enforced starting July 1, 2020.
The Government Accountability Office offered criticisms and recommendations on the Office of Management and Budget "Data Center Optimization Initiative."
U.S. Attorney General William P. Barr highlighted ongoing enforcement challenges resulting from immunity provisions under the Communications Decency Act that protect internet service providers from liability for the content of online speech.
U.S. Senator Kirsten Gillibrand (D-NY) introduced the "Data Protection Act of 2020." The bill would form a national Data Protection Agency to establish and enforce data privacy and cybersecurity practices.
Illinois residents filed a federal class action Complaint against a biometrics company and its licensing agent for gathering biometrics identifiers and information without informed consent.
The DOJ charged four Chinese military personnel with breaking into Equifax's protected computers and stealing approximately 145 million Americans' personal information.
On July 25, 2019, New York Governor Andrew Cuomo signed two bills into law designed to enhance cybersecurity protections by updating New York's data breach notification law.
On September 9, 2019, the U.S. Court of Appeals for the Ninth Circuit ruled that LinkedIn cannot stop a data analytics company from using publicly available information from LinkedIn's website.
On December 6, 2019, experts testified before the House Financial Services Committee on the impact of artificial intelligence on investing, the financial services workforce, and compliance and risk management.
