2013, Information Security, Insurance and IT - Information Management Today

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000. The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 This week, the U.S. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Hunton Privacy

JULY 16, 2021

According to the Regulators, the Proposed Guidance largely would adopt the text of the OCC’s 2013 guidance, broadening its scope to include organizations supervised by all three Regulators. Contingency planning for relationship terminations.

Risk

Risk Insurance Sales Encryption

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

Hunton Privacy

FEBRUARY 24, 2014

Securities and Exchange Commission that its health insurance subsidiary, Triple-S Salud, Inc. Triple S”), which is Puerto Rico’s largest health insurer, will be fined $6.8 million for a data breach that occurred in September 2013. Triple-S Management Corporation reported in the 8-K it recently filed with the U.S.

Insurance

Insurance Data breaches IT Security

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

Hunton Privacy

JUNE 13, 2023

On June 6, 2023, the Federal Deposit Insurance Corporation (“FDIC”), the Board of Governors of the Federal Reserve System (“FRB”) and the Office of the Comptroller of the Currency (“OCC”) issued their final Interagency Guidance on Third-Party Relationships (“Guidance”).

Risk

Risk Insurance Compliance Information Security

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV Date of breach: 19 September 2013 (AlphV uploaded first part of data to its website on 19 October 2023). Breached organisation: Okta, security software company in California, US. Records breached: 91,000 individuals affected.

Data Privacy

Data Privacy Privacy Security Data breaches

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

FEBRUARY 22, 2017

The settlement stemmed from the theft of two laptops stolen from Horizon headquarters in November 2013, when personnel from outside vendors performing renovations and moving services at Horizon’s Newark headquarters had unsupervised access to the area where company laptops were stored. Under the terms of the settlement, in addition to the $1.1

Insurance

Insurance Privacy Encryption Passwords

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

The Maryland Department of Labor announced it has suffered a data breach announced that exposed personally identifiable information. . The Maryland Department of Labor suffered a data breach, hackers accessed databases containing personally identifiable information (PII). ” continues the Department. .

Data breaches

Data breaches Insurance Access Security

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

Hunton Privacy

JANUARY 16, 2021

The Court held that OCR’s civil monetary penalty for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule and HIPAA Security Rule was “arbitrary, capricious, and otherwise unlawful.”. OCR investigated and imposed the $4.3 Read the court’s holding here.

Encryption

Encryption Privacy Insurance Security

German Ministry Publishes Draft Law for Cybersecurity Breach Notification

Hunton Privacy

MARCH 15, 2013

On March 5, 2013, the German Federal Ministry of the Interior published proposed amendments (in German) to the German Federal Office for Information Security Law.

Cybersecurity

Cybersecurity Information Security Insurance Privacy

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Hunton Privacy

FEBRUARY 3, 2017

million civil monetary penalty against Children’s Medical Center of Dallas (“Children’s”) for alleged ongoing violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules, following two consecutive breaches of patient electronic protected health information (“ePHI”).

Privacy

Privacy Security Insurance Encryption

New European Cyber Laws (NISD) – Do you understand the potential impact on your business?

CGI

JANUARY 22, 2016

This blog focuses on the new Network and Information Security Directive (NISD) which was agreed at the same time and also has significant implications for business. The likely implications will be: Organisations will need to be able to demonstrate that they have taken ‘appropriate security measures’.

Insurance

Insurance GDPR Personal data Marketing

FTC Files Complaint Against Medical Testing Lab for Exposing Consumers’ Personal Data

Hunton Privacy

AUGUST 30, 2013

On August 29, 2013, the FTC announced that it had filed a complaint against LabMD, Inc. According to the complaint, LabMD, which performs various laboratory tests for consumers, exposed the personal information of more than 9,000 consumers on a peer-to-peer (“P2P”) file-sharing network.

Personal data

Personal data Insurance Information Security Access

HHS Announces HIPAA Settlement with UMass

Hunton Privacy

NOVEMBER 30, 2016

On November 22, 2016, the Department of Health and Human Services (“HHS”) announced a $650,000 settlement with University of Massachusetts Amherst (“UMass”), resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. .

Computer and Electronics

Computer and Electronics Insurance Privacy Risk

Obama Administration Releases Incentive Reports on Cybersecurity

Hunton Privacy

AUGUST 7, 2013

On August 6, 2013, the Obama Administration posted links on The White House Blog to reports from the Departments of Commerce , Homeland Security and Treasury containing recommendations on incentivizing companies to align their cybersecurity practices with the Cybersecurity Framework.

Cybersecurity

Cybersecurity Insurance Risk Security

FTC Sends Warning Letters to Data Brokers Regarding FCRA Violations

Hunton Privacy

MAY 9, 2013

On May 7, 2013, the Federal Trade Commission announced that it issued letters to ten data broker companies warning that their practices could violate prohibitions against selling consumer information under the Fair Credit Reporting Act (“FCRA”).

Insurance

Insurance Privacy Personal data IT

Germany Issues Revised Draft Cybersecurity Law

Hunton Privacy

AUGUST 27, 2014

An earlier version of the law was published in March 2013. Critical Infrastructure” and Security Requirements. The revised Draft Law will amend a number of laws and provisions relating to IT security. Powers of Federal Office for Information Security. Current Status and Next Steps.

Cybersecurity

Cybersecurity Insurance Information Security Security

NIST Releases Final Cybersecurity Framework

Hunton Privacy

FEBRUARY 12, 2014

On February 12, 2014, the National Institute of Standards and Technology (“NIST”) issued the final Cybersecurity Framework , as required under Section 7 of the Obama Administration’s February 2013 executive order, Improving Critical Infrastructure Cybersecurity (the “Executive Order”).

Cybersecurity

Cybersecurity Risk Insurance Privacy

DOJ Announces Multinational Efforts to Disrupt Gameover Zeus Botnet

Hunton Privacy

JUNE 20, 2014

Security researchers estimate that approximately 25% of the 500,000 to one million computers infected worldwide are located in the United States. Cryptolocker, which first appeared in 2013, encrypts the computer files of its victims and forces victims to pay a ransom to unlock the files. Read the FTC’s Consumer Information blog post.

Insurance

Insurance Encryption Risk Security

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hunton Privacy

JANUARY 13, 2016

According to the complaint, the United States Computer Emergency Readiness Team issued a vulnerability note in June 2013 indicating that the form of data protection used in Dentrix G5 software was a “weak obfuscation algorithm.”

Encryption

Encryption Insurance Data breaches Privacy

Hong Kong Privacy Commissioner Solicits Views on Proposal for Data User Returns

Hunton Privacy

JULY 20, 2011

The proposal would require data users in the public sector and in the banking, telecommunications and insurance industries, and data users with large databases, to prepare and submit data user returns. Assuming the Hong Kong Privacy Commissioner proceeds with the proposal, it is estimated that it would be implemented in 2013.

Privacy

Privacy Personal data Insurance IT

Malaysian Data Protection Law Takes Effect

Hunton Privacy

NOVEMBER 19, 2013

On November 14, 2013, the Minister of the Malaysian Communications and Multimedia Commission (the “Minister”) announced that Malaysia’s Personal Data Protection Act 2010 (the “Act”) would be going into effect as of November 15, marking the end of years of postponements. It is unclear exactly what is meant by “a regular practice” in Malaysia.

Personal data

Personal data Marketing Communications Insurance

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C. Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. Organisation(s) Sector Location Data breached?

Data Privacy

Data Privacy Privacy Security Data breaches

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

insurance giant Beazley Worldwide reported that the average ransomware demand in 2018 was more than $116,000, a figure admittedly skewed by some very large demands. “All we know is MONEY! Tik Tak, Tik Tak, Tik Tak!” The attackers demanded $76,000, paid in Bitcoin, for a decryption key. A poll of IT pros in the U.S., The median was $10,310.

Ransomware

Ransomware Access Cybersecurity Insurance

Experian API exposed credit scores of tens of millions of Americans

Security Affairs

MAY 3, 2021

Leaky and poorly-secured APIs like the one Demirkapi found are the source of much mischief in the hands of identity thieves. Earlier this month, auto insurance giant Geico disclosed that fraudsters abused a bug in its site to steal drivers license numbers from Americans. ” reported KrebsOnSecurity. .”

Insurance

Insurance Access Authentication Security

The man behind Cardplanet credit card market sentenced to 9 years in prison

Security Affairs

JUNE 27, 2020

The man operated the Cardplanet site between at least early 2009 through at least August 2013. The membership also requested a sum of money, normally $5,000, as insurance. In November, the suspect has been extradited to the US to face criminal charges.

Marketing

Marketing Sales Insurance Access

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Principle 2. Principle 3.

Cybersecurity

Cybersecurity Risk Passwords Authentication

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

iSharing is used by more than 35 million users. The company has fixed the issue, blaming it on a vulnerability in the app’s groups feature. Data breached: >35 million people’s data. 117 of them are known to have had data exfiltrated, exposed or otherwise breached. Source 1 ; source 2 (Update) Finance USA Yes 498,686 J.P.

Data Privacy

Data Privacy Privacy Manufacturing Security

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Weekly podcast: Supermicro, federal data privacy law and Morrisons

IT Governance

OCTOBER 25, 2018

Apple, too, maintains that Bloomberg is wrong – following its company statement and a letter to Congress from its vice president of information security, George Stathakopoulos, Apple’s CEO, Tim Cook, even took the unusual step of telling BuzzFeed this week: “There is no truth in their story about Apple. Here are this week’s stories.

Data Privacy

Data Privacy Privacy Data breaches GDPR

Information Management Today

First American Financial Pays Farcical $500K Fine

Security Compliance & Data Privacy Regulations

Webinars

Trending Sources

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Webinars

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Maryland Department of Labor discloses a data breach

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

German Ministry Publishes Draft Law for Cybersecurity Breach Notification

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

New European Cyber Laws (NISD) – Do you understand the potential impact on your business?

FTC Files Complaint Against Medical Testing Lab for Exposing Consumers’ Personal Data

HHS Announces HIPAA Settlement with UMass

Obama Administration Releases Incentive Reports on Cybersecurity

FTC Sends Warning Letters to Data Brokers Regarding FCRA Violations

Germany Issues Revised Draft Cybersecurity Law

NIST Releases Final Cybersecurity Framework

DOJ Announces Multinational Efforts to Disrupt Gameover Zeus Botnet

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hong Kong Privacy Commissioner Solicits Views on Proposal for Data User Returns

Malaysian Data Protection Law Takes Effect

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

Experian API exposed credit scores of tens of millions of Americans

The man behind Cardplanet credit card market sentenced to 9 years in prison

An Approach to Cybersecurity Risk Oversight for Corporate Directors

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Top Cybersecurity Startups to Watch in 2022

Weekly podcast: Supermicro, federal data privacy law and Morrisons

Stay Connected