At a glance.

  • PEGA Committee prepares for NSO Group hearing.
  • Flagstar Bank experiences customer data breach.

PEGA Committee prepares for NSO Group hearing.

In the much-awaited climax of the European Parliament’s PEGA Committee investigation of Israeli spyware maker NSO Group, members of Parliament will be given the opportunity to question NSO representatives during a hearing next week. The hearing is the final step of PEGA’s probe following the discovery that NSO’s infamous Pegasus surveillance software was being used to spy on EU leaders including Spain’s Prime Minister Pedro Sánchez, political groups in Spain, Poland, and Hungary, and even some members of the European Parliament itself. Politico offers an overview of some of the topics the committee should focus on when given the opportunity to interrogate NSO, which has historically been cagey about revealing details of its operations. For instance, PEGA will probably question NSO about its complicated corporate structure – which includes thirty subsidiaries and units across Israel, Luxembourg, Cyprus, Bulgaria, the United States, Hong Kong, and the United Kingdom – and ask for details about which of these units are licensed to operate in the EU. They should also ask just how much access employees have to the data collected by the software after it is sold, and whether NSO has purchased the software vulnerabilities that allow Pegasus to hack into victims’ phones unnoticed.

Flagstar Bank experiences customer data breach.

A leading US financial services provider, Flagstar Bank, has disclosed a data breach that compromised over 1.5 million customers, TechCrunch reports. The company, based in the state of Michigan, explained in a notification letter that threat actors breached the network between December 3 and December 4, 2021. The subsequent investigation revealed earlier this month that the threat actors had accessed sensitive customer details including Social Security numbers. The letter states that upon first detection, Flagstar “promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents and reported the matter to federal law enforcement,” but fails to explain why it took nearly six months to determine that data had been exposed. It’s worth noting that this is Flagstar’s second recent data breach, as the company was among the victims of last year’s far-reaching attack on Accellion.