InfoSecBulletin Cybersecurity for mankind
Nigeria’s National Data Protection Commission (NDPC) fined Fidelity Bank ₦555.8 million for breaking customer data protection laws.
Punch reported that Olatunji said the top bank violated Nigeria’s Data Protection Act and Regulation, resulting in a large fine of 0.1% of the bank’s 2023 revenue.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
Commissioner emphasized the importance of following data protection rules and warned that not following them would result in heavy penalties.
“Data protection compliance is important, and we have stated that non-compliance will be punished. We have penalties that range from N10m or up to two per cent of gross earnings for the previous year,” Olatunji said.
He further explained that the bank’s poor cooperation during the investigation aggravated the penalty.
“We have observed serious breaches and have been working with them, investigating the issue since April 2023. But by the time we finalized our findings, they became arrogant, and we decided to issue a full penalty,” Olatunji added.
Fidelity Bank’s Response:
Reacting to this, Fidelity Bank strongly denied the allegations of a data breach. In a statement released on its website, the bank emphasized that it took data privacy and protection very seriously and had implemented robust security measures to safeguard customer information.
“On May 2nd 2023, we responded to the NDPC that the bank did not violate any law because there was no data breach and that the account opening process was not completed. On our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents. At no point in the process was the account ever operational,” the bank said.
“As a Bank, we remain in discussions with the NDPC over an amicable resolution to this matter,” it added in its statement.
