REMINDER - This newsletter is
available for the Android smart phones and tablets. Go to the
Market Store and search for yennik.
- Is DHS growing into cyber mission? - After years of controversy,
DHS appears to be getting a handle on cybersecurity. From the
beginning of the Homeland Security Department, there has been
vigorous debate about its cybersecurity mission, questioning the
wisdom of trying to grow a new capability in DHS rather than handing
this task to the well-resourced and better-skilled NSA.
Japan Warns of Security Risk in Software for Language Input -
Japan’s government warned that certain software used for writing
Japanese characters could lead to security leaks, including some
programs made in China. The National Information Security Center
asked all central government ministries to avoid the programs when
making confidential documents because a record of the writing can be
sent to servers outside the country.
Three hackers in police net for siphoning Rs 10 lakh - Three people
were arrested on Sunday for hacking a bank account and transferring
around Rs 10 lakh from the account of one of the partners of a
city-based event management company. Kingpin is on the run.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
Hackers target Bitcoin alternative, Dogecoins - Cyber criminals have
hacked Dogewallet, a storage system for Dogecoins, which is an
alternative to popular digital currency, Bitcoin.
Computers stolen from Calif. EDD facility, personal info compromised
- An undisclosed number of individuals may have had personal
information compromised after a secured California Employment
Development Department (EDD) facility was broken into and computers
containing Unemployment Insurance (UI) records were stolen.
Employee sends info on 2,000 to personal email address, gets fired -
An employee with a private contractor for Colorado Medicaid was
fired after sending an email to a personal account that contained
sensitive information on almost 2,000 people.
Card fraud hitting Boston convention groups linked to restaurant
chain breach - The Briar Group, a Brighton, Mass.-based restaurant
operator, has confirmed that it suffered a breach. Those impacted
include attendees of recent Boston conventions.
A Target payment processor denies being impacted in 40M card breach
- While waiting for Target to announce exactly how attackers
compromised its point-of-sale (POS) devices to steal roughly 40
million credit and debit cards in two and a half weeks, a payment
processor for the retail giant – First Data Corporation – has denied
being impacted in the breach.
NatWest hit by cyber-attack leaving customers unable to access
online accounts - The bank was targeted by a distributed denial of
service (DDoS) attack, although it insists there was "no risk" to
customers - NatWest has been targeted by a cyber-attack, which left
customers unable to access their accounts online.
- Crooks steal money from ATMs using USB drives, experts weigh in -
ATMs (automated teller machines) around the world that are still
running Windows XP – which reaches end of support in April – are
vulnerable to malware being loaded on machines via USB drives, a
couple of German researchers revealed at the annual Chaos
Communication Congress on Friday.
- Delta Air Lines website glitch lets flyers nab extra low fares - A
computer glitch affecting the Delta Air Lines website and other
flight booking sites allowed travelers to make off with a deal of a
- Court employee compromises personal info of Washington state
residents - The personal information of more than 3,000 residents of
Washington state was compromised after a temporary city court
employee sent forms, background information and municipal court
lists to her personal email.
- Stolen laptop impacts 3,500 individuals in South Carolina - Nearly
3,500 members of the South Carolina Health Insurance Pool may have
had personal information compromised after a password-protected
laptop containing the sensitive data was stolen from an independent
- Hackers taunt Skype: 'Stop spying on people!' - The Syrian
Electronic Army targets the public faces of Skype, hacking messages
to its blog and to its Twitter and Facebook accounts. The
publicity-minded Syrian Electronic Army on Wednesday targeted the
public faces of Skype, posting antisurveillance messages to the
video-chat service's blog and to its Twitter and Facebook accounts.
- Overexposed: Snapchat user info from 4.6M accounts - The incident
comes just days after Snapchat acknowledged a potential flaw that
would allow exposure of usernames and phone numbers. Heads up,
Snapchat users: someone has allegedly comprised 4.6 million
accounts, potentially exposing your usernames and phone numbers.
- Virginia hospital employee accesses records for four years, gets
fired - An employee with Riverside Health System in Newport News,
Virginia has been fired for inappropriately accessing the medical
records of nearly 1,000 patients over the span of four years.
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
Reserve Requirements of Depository Institutions (Regulation D)
Pursuant to the withdrawal and transfer restrictions imposed on
savings deposits, electronic transfers, electronic withdrawals (paid
electronically) or payments to third parties initiated by a
depositor from a personal computer are included as a type of
transfer subject to the six transaction limit imposed on passbook
savings and MMDA accounts.
Institutions also should note that, to the extent stored value or
other electronic money represents a demand deposit or transaction
account, the provisions of Regulation D would apply to such
Consumer Leasing Act (Regulation M)
The regulation provides examples of advertisements that clarify the
definition of an advertisement under Regulation M. The term
advertisement includes messages inviting, offering, or otherwise
generally announcing to prospective customers the availability of
consumer leases, whether in visual, oral, print, or electronic
media. Included in the examples are on-line messages, such as those
on the Internet. Therefore, such messages are subject to the general
the top of the newsletter
INFORMATION TECHNOLOGY SECURITY -
We continue our series on the FFIEC
interagency Information Security Booklet.
SECURITY CONTROLS -
Network security requires effective implementation of several
control mechanisms to adequately secure access to systems and data.
Financial institutions must evaluate and appropriately implement
those controls relative to the complexity of their network. Many
institutions have increasingly complex and dynamic networks stemming
from the growth of distributed computing.
Security personnel and network administrators have related but
distinct responsibilities for ensuring secure network access across
a diverse deployment of interconnecting network servers, file
servers, routers, gateways, and local and remote client
workstations. Security personnel typically lead or assist in the
development of policies, standards, and procedures, and monitor
compliance. They also lead or assist in incident-response efforts.
Network administrators implement the policies, standards, and
procedures in their day-to-day operational role.
Internally, networks can host or provide centralized access to
mission-critical applications and information, making secure access
an organizational priority. Externally, networks integrate
institution and third-party applications that grant customers and
insiders access to their financial information and Web-based
services. Financial institutions that fail to restrict access
properly expose themselves to increased transaction, reputation, and
compliance risk from threats including the theft of customer
information, data alteration, system misuse, or denial-of-service
Return to the top of
INTERNET PRIVACY - We
continue our series listing the regulatory-privacy examination
questions. When you answer the question each week, you will help
ensure compliance with the privacy regulations.
28. Does the institution refrain from
requiring all joint consumers to opt out before implementing any opt
out direction with respect to the joint account? [§7(d)(4)]
29. Does the institution comply with a consumer's direction to opt
out as soon as is reasonably practicable after receiving it? [§7(e)]