The fine stems from two previously known Morgan Stanley data security incidents.
A proposed rule from a trio of federal financial regulatory agencies aims to change current reporting requirements so that financial service organizations have to notify federal regulators of a security incident within 36 hours.
The shift from payment cards with magnetic stripes to EMV chips was supposed to stomp out card cloning, except cybercriminals appear to have figured out a workaround.