Bank
EU court adviser says banks must immediately refund phishing victims
Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it’s their fault. The opinion was issued in response to a request for a preliminary ruling submitted by the District Court in Koszalin, Poland, […]
Data breach at French bank registry impacts 1.2 million accounts
The French Ministry of Finance has disclosed a cybersecurity incident that impacted data associated with 1.2 million user accounts. The investigation discovered that hackers gained access to the national bank account registry (FICOBA) and stole a database containing sensitive information. The Ministry’s announcement notes that in late January, a threat actor used credentials stolen from a civil servant with […]
US charges 31 more suspects linked to ATM malware attacks
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. These latest charges follow two previous indictments: a December 9 one charging 22 individuals with conspiracy to provide material support to terrorists and money laundering, and an October […]
US to deport Venezuelans who emptied bank ATMs using malware
South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. 34-year-old Luz Granados and 40-year-old Johan Gonzalez-Jimenez have previously pleaded guilty to conspiracy and computer crimes for emptying older ATM models throughout the […]
New Spiderman phishing service targets dozens of European banks
A new phishing kit called Spiderman is targeting customers of numerous European banks and cryptocurrency services using pixel-perfect replicas of legitimate sites. The platform allows cybercriminals to launch phishing campaigns that can capture login credentials, two-factor authentication (2FA) codes, and credit card data. The Spiderman phishing kit, analyzed by researchers at Varonis, targets financial institutions in […]
Marquis data breach impacts over 74 US banks, credit unions
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. Marquis Software Solutions provides data analytics, CRM tools, compliance reporting, and digital marketing services to over 700 banks, credit unions, and mortgage lenders. In data breach notifications filed with US […]
Google expands Android scam protection feature to Chase, Cash App in U.S.
Google is expanding support for its Android’s in-call scam protection to multiple banks and financial applications in the United States. The announcement specifically mentions the addition of fintech app Cash App, which has 57 million users, and the JPMorganChase mobile banking app, which has more than 50 million downloads on Google Play. In-call scam protection is a new feature […]
FBI: Cybercriminals stole $262M by impersonating bank support teams
The FBI warned today of a massive surge in account takeover (ATO) fraud schemes and said that cybercriminals impersonating financial institutions have stolen over $262 million in ATO attacks since the start of the year. Since January 2025, the FBI’s Internet Crime Complaint Center (IC3) has received over 5,100 complaints, with the attacks impacting individuals, as well as businesses and organizations across […]
Hackers breach fintech firm in attempted $130M bank heist
Hackers tried to steal $130 million from Evertec’s Brazilian subsidiary Sinqia S.A.after gaining unauthorized access to its environment on the central bank’s real-time payment system (Pix). Evertec is a public financial technology giant that stands as a major full-service transaction processor in Latin America, Puerto Rico, and the Caribbean. Sinqia, acquired by Evertec in 2023, […]
Hackers plant 4G Raspberry Pi on bank network in failed ATM heist
The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank’s network to bypass security defenses in a newly discovered attack. The single-board computer was physically connected to the ATM network switch, creating an invisible channel into the bank’s internal network, allowing the attackers to move laterally and deploy […]