2017, Data, Financial Services and Information Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.”

Data breaches

Data breaches Financial Services Ransomware Government

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Authorized property/casualty insurers should use a data-driven and comprehensive plan to assess gaps and vulnerabilities in the cybersecurity of their insureds and potential insureds. Rigorously Measure Insured Risk. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

A cyber attack hit Nissan Oceania

Security Affairs

DECEMBER 7, 2023

“The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.”

Financial Services

Financial Services Data breaches Ransomware Access

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In September 2017, then-SEC Chairman Jay Clayton issued a public statement that provided an overview of the SEC’s approach to cybersecurity and underscored it as a priority for the SEC. Companies’ internal procedures should ensure that important and material information flows to appropriate disclosure personnel in a timely manner.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

NY Attorney General Announces Record Number of Data Breach Notices in 2016

Hunton Privacy

MARCH 23, 2017

On March 21, 2017, New York Attorney General Eric Schneiderman announced that the New York Office of the Attorney General received over 1,300 data breach notifications in 2016, a 60 percent increase from 2015. The reported breaches led to the exposure of personal information of 1.6 million New York residents.

Data breaches

Data breaches Financial Services Cybersecurity Security

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations. Users re-defined.

Digital transformation

Digital transformation Insurance Compliance Healthcare

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies. The Stop Hacks and Improve Electronic Data Security Act.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

JANUARY 25, 2018

In the aftermath of a significant data security incident, a best practice is to hire a third-party forensic firm, working at the direction of counsel, to review how the breach occurred, what data may have been accessed, whether the incident has ceased and other important issues directly relevant to legal counsel’s review.

Data breaches

Data breaches Communications Financial Services Privacy

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

Data Matters

NOVEMBER 13, 2017

18, 2017, the Consumer Financial Protection Bureau (CFPB) released a set of consumer protection principles (Principles) designed to protect consumer interests in the market for services built around consumer-approved use of financial information. Data aggregation services.

Financial Services

Financial Services Privacy Access Marketing

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

The sanctioned entities are Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services.

Financial Services

Financial Services Cybersecurity Cloud Security

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Sophisticated cyber attacks are biggest technology concern in 2018

IT Governance

JANUARY 10, 2018

In December 2017 we reported that 33.8 million records had been leaked, and in November 2017 there were 59 million records leaked. According to a recent study from Invotra , the financial services industry and the public sector both fear sophisticated, harmful cyber threats in 2018.

Customer Experience

Customer Experience Financial Services GDPR Phishing

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. More states are sure to follow.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

defense contractors and financial services firms worldwide. In March 2018, security experts at Kaspersky Lab have observed an attack powered by the Chinese APT group, the experts speculate the campaign was started in the fall of 2017. We informed the company about the issue via CN-CERT.”

Communications

Communications Financial Services Government Phishing

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. Data breach litigation risks. Data breach litigation may reach a turning point in 2018.

Privacy

Privacy Cybersecurity Data breaches GDPR

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

defense contractors , financial services firms, and a national data center in Central Asia. ” The experts observed the APT group exploiting the Windows COM Elevation of Privilege Vulnerability tracked as CVE-2017-0213. The APT group has been active since 2010, targeted organizations worldwide, including U.S.

Ransomware

Ransomware Encryption Financial Services Cybersecurity

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”

Cloud

Cloud Data breaches Encryption Access

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. Experts pointed out that attackers used tools to scan the network for systems vulnerable to CVE-2017-0144 , the flaw exploited by the NSA-linked EternalBlue exploit.

Government

Government Financial Services Security Cybersecurity

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

Finally, the plan must require evaluation and revisions to it as necessary following a security event. Chief Information Security Officer (“CISO”). Specific information security measures. The proposed Rule is much more detailed in terms of security measures that FIs must implement.

Privacy

Privacy Risk Cybersecurity Information Security

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

Brexit triggered a significant onshoring of legislation to ensure that the UK continued to have a functioning financial services regulatory regime. The post UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services appeared first on Data Matters Privacy Blog.

Authentication

Authentication Paper Risk Insurance

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The threat actors used a script on the compromised websites to collect preliminary user information. We are in the final!

Financial Services

Financial Services Security Cybersecurity IT

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. This dupes a Windows machine that has not been patched against the vulnerability into allowing illegitimate data packets into the legitimate network.

Phishing

Phishing Ransomware Search queries Access

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. They dump email data via API and establish the owner’s high-level business connections. Hence, it opens up a wide range of possibilities.

Phishing

Phishing Financial Services Cloud Authentication

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

A high-profile cyber incident may cause substantial financial and reputational losses to an organization, including the disruption of corporate business processes, destruction or theft of critical data assets, loss of goodwill, and shareholder and consumer litigation. Encrypting critical data assets. Managing digital identities.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Privacy and Cybersecurity Law

MARCH 23, 2018

In its Global Risk Report 2017 , the World Economic Forum found that “large-scale cyber-attacks or malware causing large economic damages” or “widspread loss of trust in the internet” remain the primary business risks in North America.

Cybersecurity

Cybersecurity Data breaches Artificial Intelligence IoT

Download IGI’s Whitepaper: Ameritas Leverages Technology For Improved Information Governance

IGI

MAY 1, 2018

The insurance company was already reviewing its information governance processes before New York Department of Financial Services introduced new regulatory standards in March 2017. The project has expanded to ensure compliance with 23 NYCRR Part 500 through its focus on sensitive data compliance and reduced business risk.

Information governance

Information governance Government Records Management Insurance

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

DECEMBER 7, 2017

On October 26, 2017, the U.S. The Report, titled A Financial System That Creates Economic Opportunities: Asset Management and Insurance , identifies laws and regulations that are inconsistent with the Trump Administration’s Core Principles for financial regulation as set forth in Executive Order 13772 (Feb. Report at 117.

Insurance

Insurance Data breaches Security Cybersecurity

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Data Matters

APRIL 21, 2020

a 2017 ransomware cyberattack that infected hundreds of thousands of computers and IT resources in over 150 countries, and the Digital Currency Exchange Hack, a hack into a digital currency exchange that stole approximately $250 million worth of digital currency. Recent examples of cyberattacks attributed to North Korea include WannaCry 2.0,

Cybersecurity

Cybersecurity Risk Ransomware Government

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Nissan Oceania data breach impacted roughly 100,000 people

Webinars

Trending Sources

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

A cyber attack hit Nissan Oceania

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

New York State Expected to Increase Enforcement of Cybersecurity Practices

American Insurance firm State Farm victim of credential stuffing attacks

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

NY Attorney General Announces Record Number of Data Breach Notices in 2016

NYDFS settles cybersecurity regulation matter for $3 million

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

NYDFS settles cybersecurity regulation matter for $1.8 million

New York Enacts Stricter Data Cybersecurity Laws

Protection of Privilege in the Aftermath of a Data Breach

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

SEC announces sanctions against entities over email account hacking

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Sophisticated cyber attacks are biggest technology concern in 2018

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Transition period under New York Cybersecurity Regulation ends March 1, 2019

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Privacy and Cybersecurity Top 10 for 2018

Experts linked ransomware attacks to China-linked APT27

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

Emissary Panda APT group hit Government Organizations in the Middle East

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Download IGI’s Whitepaper: Ameritas Leverages Technology For Improved Information Governance

Top Cybersecurity Startups to Watch in 2022

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Stay Connected