GRC Report Staff

In a letter to its customers, Bank of America has revealed a security incident that might have affected sensitive personal data. The incident, which occurred on December 30, 2024, is tied to a third-party vendor responsible for shredding documents. According to the bank, the vendor didn’t secure certain documents properly during transport, and some of those documents were discovered outside a financial center. While it’s unclear whether any individual customer’s documents were directly involved, the bank is erring on the side of caution and notifying those who could be impacted.

The Public Company Accounting Oversight Board (PCAOB) has taken action against nine firms from KPMG's network for failing to meet essential regulatory requirements. The sanctions come as a direct response to violations of key reporting rules and quality control standards, and send a clear message about the PCAOB’s commitment to safeguarding the integrity of the financial system.

New York Attorney General Letitia James has filed a lawsuit recently against National General and its parent company, Allstate Insurance, over a string of data breaches that exposed the personal information of over 165,000 New Yorkers. The lawsuit paints a troubling picture of how weak cybersecurity practices allowed hackers to access sensitive information—and not once, but twice—due to a series of preventable oversights.

Our recent survey reached over 100 dedicated and experienced professionals from across the GRC spectrum. Ranging from compliance and risk management to cyber risk and integrated GRC, these individuals are the ones on the front lines, and their insights remind us that behind every percentage is not just statistic but a true human story, a tale of vigilance, collaboration, and the unyielding drive to create a resilient, compliant, and better future.

The financial landscape is shifting fast. While digital banking services and cryptocurrencies bring innovation, they also open the door to new risks that criminals are quick to exploit. As we enter 2025, the Swedish financial watchdog is focusing its efforts on addressing these emerging threats. From money laundering to terrorist financing and sanctions evasion, financial firms face growing pressure to safeguard the system from exploitation.

Every year, Europe’s cybersecurity landscape grows more complex. With digital infrastructures evolving, cyber threats becoming more sophisticated, and the stakes higher than ever, it’s clear that certain sectors are facing serious challenges when it comes to cyber resilience. ENISA’s 2024 NIS360 report offers a deep dive into the cybersecurity maturity and criticality of sectors that are essential to Europe’s economic and social fabric—and the results are both encouraging and concerning.

In a shocking new report from the Federal Trade Commission (FTC), consumers in the U.S. reported losing over $12.5 billion to fraud in 2024. That’s a staggering 25% increase from the previous year, underscoring a rising tide of fraud that businesses, consumers, and regulators are struggling to keep up with.