2018, Data, Financial Services and Information Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Authorized property/casualty insurers should use a data-driven and comprehensive plan to assess gaps and vulnerabilities in the cybersecurity of their insureds and potential insureds. Rigorously Measure Insured Risk. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. terabyte of stolen data. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. “The data was collected from 3.25

Computer and Electronics

Computer and Electronics Archiving Encryption Passwords

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S.

Insurance

Insurance Risk Financial Services Mining

Sophisticated cyber attacks are biggest technology concern in 2018

IT Governance

JANUARY 10, 2018

New report reveals technology concerns for financial and public sectors in 2018. Traditional security measures such as firewalls and antivirus software are proving inadequate in the evolving threat landscape. In 2018, organisations are looking at ‘when’ they will be attacked, not ‘if’.

Customer Experience

Customer Experience Financial Services GDPR Phishing

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018. Data breach litigation risks.

Privacy

Privacy Cybersecurity Data breaches GDPR

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. The service determines whether an application is malicious or suspicious and, if so, will block it from making changes to any files in a protected folder. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

The sanctioned entities are Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services.

Financial Services

Financial Services Cybersecurity Cloud Security

EU Parliament Approves Collective Redress Directive

Hunton Privacy

NOVEMBER 25, 2020

The Collective Redress Directive was presented in April 2018 by the European Commission and is part of the European Commission’s New Deal for Consumers. including infringement of the EU General Data Protection (the “GDPR”).

Financial Services

Financial Services GDPR IT Information Security

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

JANUARY 25, 2018

In the aftermath of a significant data security incident, a best practice is to hire a third-party forensic firm, working at the direction of counsel, to review how the breach occurred, what data may have been accessed, whether the incident has ceased and other important issues directly relevant to legal counsel’s review.

Data breaches

Data breaches Communications Financial Services Privacy

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Nevertheless, EyeMed certified its compliance with the Cybersecurity Regulation annually, from 2018-2021.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); a)); and.

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Upcoming certifications. Additional guidance.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

defense contractors and financial services firms worldwide. In March 2018, security experts at Kaspersky Lab have observed an attack powered by the Chinese APT group, the experts speculate the campaign was started in the fall of 2017. We informed the company about the issue via CN-CERT.”

Communications

Communications Financial Services Government Phishing

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. More states are sure to follow.

Insurance

Insurance Cybersecurity Data breaches Financial Services

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); a)); and.

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); a)); and.

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

February 15 deadline looms for first DFS Cybersecurity Certification

Data Protection Report

FEBRUARY 8, 2018

February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date. To subscribe to posts from Data Protection Report , please click here.

Cybersecurity

Cybersecurity Financial Services Compliance Insurance

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. Payment is often demanded in bitcoin, and thus third-party services are often used to make such payments.

Ransomware

Ransomware Compliance Risk Government

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”

Cloud

Cloud Data breaches Encryption Access

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

Finally, the plan must require evaluation and revisions to it as necessary following a security event. Chief Information Security Officer (“CISO”). Specific information security measures. The proposed Rule is much more detailed in terms of security measures that FIs must implement.

Privacy

Privacy Risk Cybersecurity Information Security

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

On November 9, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Data Privacy Compliance Privacy

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

Brexit triggered a significant onshoring of legislation to ensure that the UK continued to have a functioning financial services regulatory regime. The post UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services appeared first on Data Matters Privacy Blog.

Authentication

Authentication Paper Risk Insurance

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: 36 million records. Data breached: 6,935,412 individuals’ data. Data breached: 6.9 Only 3 definitely haven’t had data breached.

Data Privacy

Data Privacy Privacy Security Data breaches

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The threat actors used a script on the compromised websites to collect preliminary user information.

Financial Services

Financial Services Security Cybersecurity IT

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

* This article first appeared in In-House Defense Quarterly on April 3, 2018. Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. Creating an enterprise-wide governance structure.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Privacy and Cybersecurity Law

MARCH 23, 2018

On March 14, 2018, IBM Security announced the results of a new global study on organizational cybersecurity readiness and resiliency entitled “The 2018 Cyber Resilient Organization.” 23% of respondents say they do not currently have a CISO or security leader.

Cybersecurity

Cybersecurity Data breaches Artificial Intelligence IoT

Weekly podcast: banks, Thomas Cook, London cyber court and Facebook

IT Governance

JULY 13, 2018

This week, we discuss operational resilience in the banking and financial market infrastructures sectors, a data breach affecting Thomas Cook subsidiaries, London’s proposed new court building and the latest development in the Facebook/Cambridge Analytica scandal. Here are this week’s stories. Here are this week’s stories.

Business Services

Business Services Marketing Data breaches Paper

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. Security Culture Benchmarking feature lets you compare your organization's security culture with your peers Did you know? Yup – shoe store.

Phishing

Phishing File names Security awareness Risk

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

JUNE 5, 2018

On May 24, 2018, President Donald Trump signed into law the Economic Growth, Regulatory Relief, and Consumer Protection Act (the Act). The Act makes many significant modifications to the postcrisis financial regulatory framework, although it leaves the core of that framework intact.

Financial Services

Financial Services Insurance Privacy Authentication

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

DECEMBER 7, 2017

The Report, titled A Financial System That Creates Economic Opportunities: Asset Management and Insurance , identifies laws and regulations that are inconsistent with the Trump Administration’s Core Principles for financial regulation as set forth in Executive Order 13772 (Feb. 3, 2017), and makes recommendations to ensure alignment.

Insurance

Insurance Data breaches Security Cybersecurity

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Data Matters

APRIL 21, 2020

These incidents, and other similar digital attacks, victimized institutions and individuals alike with monetary losses, data loss or corruption as well as system downtime that can have a cascading effect to operations, productivity, profits and market reputation. Recent examples of cyberattacks attributed to North Korea include WannaCry 2.0,

Cybersecurity

Cybersecurity Risk Ransomware Government

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Security Compliance & Data Privacy Regulations

Webinars

Trending Sources

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Webinars

Mysterious custom malware used to steal 1.2TB of data from million PCs

First American Financial Pays Farcical $500K Fine

Sophisticated cyber attacks are biggest technology concern in 2018

American Insurance firm State Farm victim of credential stuffing attacks

Privacy and Cybersecurity Top 10 for 2018

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

NYDFS settles cybersecurity regulation matter for $1.8 million

NYDFS settles cybersecurity regulation matter for $3 million

SEC announces sanctions against entities over email account hacking

EU Parliament Approves Collective Redress Directive

Protection of Privilege in the Aftermath of a Data Breach

NYDFS settles with EyeMed for $4.5 million

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

February 15 deadline looms for first DFS Cybersecurity Certification

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

CIPL and AvePoint Release Global GDPR Readiness Report

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Weekly podcast: banks, Thomas Cook, London cyber court and Facebook

Top Cybersecurity Startups to Watch in 2022

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

President Trump Signs Financial Services Regulatory Reform Legislation

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Stay Connected