Risk Intelligence Roundup for November 2024
A Data Pro
We make sense of information. Trusted partner for media and business intelligence.
Welcome to our Risk Intelligence Roundup newsletter, where we focus on delivering curated compliance insights and solutions to empower your risk management strategy.
November was a big month for the retail and financial sectors, a month that revolved around the run-up to Christmas and the chaos of Black Friday. As our regulatory roundup shows, there will be some extra problems on the Christmas lists of a few major global brands. Also, some alarming news for Apple users.
Regulatory News
1. Metro Bank Fined £16.7 million for AML Inadequacies
Metro Bank, a UK bank listed on the London Stock Exchange, has been hit with a £16.7 million fine from the Financial Conduct Authority (FCA) for allegedly failing to monitor customer transactions for potential money laundering.
The FCA is clamping down on money laundering and has redoubled its efforts in recent years with strict anti-money laundering (AML) rules and regulations. Metro Bank is the latest in a long line of companies to fall foul of these rules.
The alleged infractions began back in 2016 when Metro Bank implemented a new system designed to automate the transaction monitoring process. According to a statement released by the FCA, staff members raised concerns that transaction data was not being properly monitored in 2017 and 2018, but the bank did not fix the issue.
After identifying the issues in 2019, the bank implemented systems to remedy them. The CEO, Daniel Frumkin, stated that the company was happy to “draw a line” under the issue, and was concentrating on moving forward.
2. Bitcoin Fog Founder Jailed for Facilitating Money Laundering
Roman Sterlingov, the founder of Bitcoin Fog, was jailed for 12 and a half years earlier this month for running a money laundering operation between 2011 and 2021. Known as a cryptocurrency mixer, the software was used by criminals to conceal the source of illegally acquired funds.
Estimates suggest that over 1.2 million BTC was laundered through the program, equating to more than $400 million at the time that the funds were laundered.
Bitcoin Fog has been described as the longest-running crypto mixer on the darknet. Sterlingov’s arrest marked the conclusion of a major case for the U.S. Department of Justice, as it was believed that the bulk of that laundered money came from illegal marketplaces.
The Russian-Swedish dual national was also forced to forfeit close to $350,000 in various cryptocurrencies, as well as 1,354 BTC held in a Bitcoin Fog wallet.
Scams and Data Breaches
1. New AI-Driven Scam Targets Apple Users
A new scam that uses large language models to create warnings similar to the real deal could put two billion Apple users (including iOS and macOS users) at risk.
The scam informs the user that their Apple ID has been suspended, tricking them into clicking a link that will direct them to a page where their details can be stolen.
The scam originates from a phishing email and comes at a time when many consumers are planning big Black Friday and Christmas purchases, potentially dropping their guard and putting them at risk.
Users are encouraged to verify the identities of all email senders, and they should avoid clicking any email links if they are suspicious of the sender. Instead, they should go directly to the Apple website to confirm if there is an issue with their Apple ID.
2. Record-Breaking Data Breaches in Washington
According to a report from the Washington Attorney General’s Office, data breaches are at an all-time high. Over 11.4 million data breach notifications were sent to the state’s 8 million or so residents in a single year.
It is 5 million notifications more than the previous record, set in 2021.
The report noted that 279 of these breaches affected more than 500 residents, with most coming in the form of ransomware attacks.
The increase is largely the result of two major breaches, one at the Fred Hutchinson Cancer Center and the other at Comcast.
3. 57 Million Customers Hit in Hot Topic Breach
On November 11, breach reporting website Have I Been Pwned warned over 57 million customers of Hot Topic that the site had been breached and their details had been stolen.
The American fast-fashion brand, known for its counter-culture clothing and accessories, is thought to have been breached in the middle of October 2024, with the data then being posted for sale on the dark web.
According to Have I Been Pwned, the breach includes the full names, billing addresses, purchase histories, email addresses, phone numbers, and dates of birth of customers across Hot Topic, BoxLunch, and Torrid, all part of the same company.
Partial credit cards may have also been accessed, and while it is unlikely that the hackers have full financial details, there is a concern that they could use the accompanying information to target those 57 million customers.
The hackers initially asked for $20,000 for the data, while also requesting a $100,000 ransom from Hot Topic. The sale price was later dropped to $3,500, and at the time of the breach being made public, the company, which operates hundreds of stores across the US, had still not notified its customers.
4. Travelers and Geico Fined After Exposing the Data of 120,000 Customers
Insurance companies Travelers and Geico have been hit with a combined $11.3 million fine resulting from a breach that occurred during the pandemic and exposed the details of 120,000 customers.
Hackers are said to have exploited gaps that could have been mitigated with stronger security measures.
In Geico’s case, the hackers took advantage of weaknesses in the company’s online quoting tool, using it to steal sensitive information such as driver’s license numbers. Travelers accounted for just 4,000 of the affected individuals, with the hack resulting from stolen employee login details and a system that did not require multi-factor authentication.
Talk to our Risk Intelligence experts: BOOK A MEETING
Gambling News
1. Major Change for the UK Gambling Industry
UK betting brands had expected a big change to be announced in the 2024 budget, one that had been slated in an earlier whitepaper. When that did not happen, it looked like they could breathe easier. In fact, while stocks in major gambling brands dipped in anticipation, they rose again soon after the budget.
However, the UK government has now announced that changes are on the way, including new slot betting limits of £2 (for 18 to 24-year-olds) and £5 (for those 25 and over).
A new tax has also been announced, one that will cost gambling companies £100 million, with the money going toward helping problem gamblers.
It could be one of many changes introduced in the coming years as the government seeks to reduce problem gambling. It will place a greater responsibility of care on betting brands while also changing the age verification process to allow them to create different rules for legal gamblers under and over 25.
Sanctions News
November 7
The UK announced multiple new sanctions targeting Russian-backed mercenary groups in Africa, as well as those involved with the supply of parts used in the production of drones.
November 11
Jean-Noel Barrot, the French foreign minister, announced that the European Union may shortly initiate a third round of sanctions against Israeli settlers, although no such sanctions have been announced at the time of writing.
November 21
The US has sanctioned Gazprombank and other entities, alleging that they served as a conduit through which Russia was able to purchase materials for its military. Gazprombank is Russia’s largest bank, and until this month, it had largely avoided sanctions against Russian financial institutions.
November 27
The US imposed new sanctions on Venezuelan President Nicolás Maduro, targeting 21 individuals associated with a leader the US accuses of “undermining democracy” and “violating human rights”.
See you next month!