Data breach disclosures and regulatory warnings dominated the week

The past week saw financial and fintech sectors battle major data breaches and face tough regulatory warnings. Critical infrastructure vulnerabilities and new destructive malware strains added to security teams’ challenges.

  • Nikita Alexander
  • July 28, 2025
  • 3 minutes

The past week saw the fintech and financial services sectors grappling with the fallout from major data breaches and responding to stern warnings from regulators. The period of June 21st to 27th was defined by critical infrastructure vulnerabilities and a regulatory crackdown on poor risk management practices, particularly within the payments sector. Meanwhile, new strains of highly destructive malware emerged, adding another layer of complexity for security teams.

Here is the debrief of the key events you need to know.

1. Aflac Discloses Data Breach by “Scattered Spider”

Insurance giant Aflac confirmed it was the victim of a cyberattack carried out by the notorious “Scattered Spider” criminal group. The breach, which came to light last week, involved the exfiltration of sensitive customer data, including Social Security numbers and health information. Attackers reportedly gained access to internal systems using stolen credentials. This incident is a powerful reminder of the persistent threat from credential-based attacks and highlights the insurance sector as a high-value target due to the sensitive nature of the data it holds.

2. UK Regulators Flag “Weaknesses” in E-Money & Payments Firms

On June 26th, the UK’s Financial Conduct Authority (FCA) published a stark warning following a multi-firm review of the e-money and payments sector. The regulator found that none of the firms it assessed fully met its expectations for risk management and wind-down planning. The FCA highlighted significant weaknesses in how these firms manage operational and financial risks, suggesting many are not adequately prepared for a major disruption or business failure. This public rebuke signals that a regulatory crackdown, including potential enforcement actions, is likely on the horizon for firms that fail to improve their controls.

3. Cisco Issues Urgent Patch for Critical Vulnerability

Global networking giant Cisco released an urgent security advisory on June 27th for multiple severe vulnerabilities in its Identity Services Engine (ISE). With a maximum CVSS score of 10.0, the flaws could allow an unauthenticated, remote attacker to execute arbitrary code and gain complete control of affected systems. Given that Cisco ISE is widely used across the financial services industry for network access control and identity management, the announcement triggered urgent patching cycles. This event underscores the critical importance of swift patch management for network infrastructure to prevent catastrophic breaches.

4. New “Anubis” Ransomware Adds Destructive Wiper Function

Researchers at CYFIRMA identified a dangerous evolution in the “Anubis” ransomware strain last week. The malware now includes a file-wiping module. If triggered, this function permanently erases the contents of a victim’s files, rendering them unrecoverable even if a ransom is paid. This “double extortion” tactic—combining data encryption with the threat of permanent data destruction—is designed to dramatically increase pressure on victims to pay quickly. For financial institutions, this raises the stakes of a ransomware attack from a temporary disruption to a potentially irreversible loss of critical data.

5. Massive Credential Leak Puts Billions of Accounts at Risk

While not a direct breach of a single company, news broke last week of a colossal data dump containing 16 billion credentials. This trove, compiled from years of infostealer malware infections and past breaches, was discovered circulating on underground forums. The leak includes usernames and passwords for countless services, from consumer tech to corporate and government portals. The immediate impact is a heightened risk of “credential stuffing” attacks, where automated scripts test these stolen logins against banking and fintech platforms. The leak prompted widespread calls for users and businesses to reset passwords and enforce multi-factor authentication (MFA).