Risk Intelligence Roundup for September 2024

Welcome to our Risk Intelligence Roundup newsletter, where we focus on delivering curated compliance insights and solutions to empower your risk management strategy.

September is already behind us so let us review some of the headline-worthy stories relating to the worlds of cyber security, cryptocurrency, and regulatory compliance. Let us start with:

Data Regulation

EU Regulators Launch Investigation Into Google

On September 12, the Data Protection Commission (DPC), a European privacy regulator, launched an inquiry into Google’s handling of EU user data. The probe comes amid mounting legal challenges for parent company Alphabet, adding to an ongoing antitrust lawsuit in the United States.

The DPC questioned whether Google had complied with the obligations laid down by the General Data Protection Regulation (GDPR) law, which first took effect in May 2018. It concerns the company’s Pathways Language Model 2 (PaLM 2), an AI model with multilingual support and advanced reasoning capabilities, and its handling of sensitive user data.

It is not thought that the inquiry will pose any serious short-term complications for Google, but it could impact the future handling of data used for training advanced AI language models.

Cyber Security

17-Year-Old Arrested for Major TfL Hack

Police in the United Kingdom recently arrested a 17-year-old from Walsall on suspicion of offences related to an attack on systems operated by Transport for London (TfL) on September 1, 2024.

The attack caused significant interruptions for users of the service and seems to have targeted those who had requested a refund for journeys that used an Oyster card. TfL contacted around 5,000 customers in relation to the hack, warning them that their contact details and bank account information may have been compromised.

British Telecom (BT) Reports 2,000 Attacks a Second

Major data breaches seem to be a common occurrence these days, and we have already reported on a few of these in our roundup newsletters on LinkedIn. The issue is not that hackers are getting wiser, but that they now have many more tools at their disposal.

According to major telecommunications giant BT, they receive 2,000 potential attacks a second, many of which are conducted by bots. These attacks have increased exponentially compared to last year. The company stated that while hackers are still targeting defence companies and those in the financial services, they are increasingly turning their attention to retail, hospitality, and education, suggesting that no one is safe and every company needs to prepare for such eventualities.

MoneyGram Hit by Cyber-Attack

On September 20, MoneyGram—the world’s second-largest money transfer company—went offline. The company, which operates in over 200 countries and territories and processes billions of dollars a year, shut down its network and left millions of users with a “Be right back” message.

The rumour mill stirred, with many suggesting that the service had been the victim of a cyber-attack. This was then confirmed several days later, with the company posting to announce that it had spotted a cybersecurity threat and had “taken protective steps to address it”, including shutting down its systems.

The MoneyGram website and services have since been restored, with the company announcing that it is working hard to process pending transactions. Questions still remain about the source and extent of the hack, and at the time of writing, no hacking groups have come forward to claim responsibility.

Meta Fined €91 Million After Five-Year Investigation

In 2019, Meta, then known as Facebook, revealed that it had inadvertently stored user passwords in plain text, devoid of the usual encryption and security protocols required for sensitive user data. It claimed that the passwords were only exposed within its organisation, but the Irish Data Protection Commission (DPC) then launched an investigation, claiming the social media giant was in breach of General Data Protection Regulations (GDPR).

The result of that five-year investigation is a €91 million fine. It follows a previous DPC fine of €1.2 billion imposed against Meta in 2023 for mishandling user data.

Chinese Hackers Break Into US ISPs

On September 26, the Wall Street Journal reported that Chinese hackers backed by the state had gained access to several internet service providers (ISPs) in the United States. The goal, according to the WSJ, is to harvest sensitive information and then use that information to launch additional attacks and redirect traffic.

Dubbed “Salt Typhoon”, the hacking campaign is one part of a large-scale operation that has led to multiple incursions into US online infrastructure and is thought to have been ongoing for several months.

In response, cybersecurity experts have called on major operators to be more diligent and implement enhanced cybersecurity measures. Microsoft, Cisco, and other major networks are looking into the hacks to assess the damage and see which areas have been affected.

Cryptocurrency News

Harris Hints at Democratic U-Turn Over Cryptocurrency

Vice President Kamala Harris has caused a stir in cryptocurrency circles by suggesting a future democratic administration would provide more support for digital currencies. In the past, President Biden has taken an opposing stance, pushing for strict measures to control the rise and use of crypto, but Harris could receive support from the industry after recent hints that she would “encourage innovative technologies…like digital assets”

Sanctions News

September 10

The United States placed additional sanctions on Russia and Iran in response to the latter providing the former with ballistic missiles for use in the “illegal war against Ukraine”. Sanctions included new designations for IRAN AIR and VAFA WHOLESALE LTD. Similar moves were made by major European powers.

September 11

The United Nations extended sanctions against Sudan until September 2025. The sanctions are aimed at ending an escalation of conflict in the region, with a representative noting that they were devoted to “advancing peace and security in Sudan”.

The UK sanctioned a further 10 ships linked to Russia that are said to be part of its “shadow fleet”, one tasked with exporting large quantities of oil to fuel the country’s war machine.

September 26

The United States imposed sanctions on several cryptocurrency exchanges alleged to have helped Russian money laundering operations.

The United Kingdom sanctioned two entities and five ships believed to be involved with the transportation of Russian liquefied natural gas.

Need help identifying and navigating risks?

Our Risk Intelligence solutions are designed to assist companies in identifying, assessing, and mitigating potential risks, helping them safeguard their operations and make informed decisions in an increasingly volatile business world.

We provide due diligence reports, updated sanctions lists, adverse media screening solutions, and PEPs, SOEs & databases.

Talk to our Risk Intelligence experts 👉🏻 BOOK A MEETING