2018, Government, Information Security and Insurance

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The Act is designed to “establish standards for data security and for the investigation and notification to the Superintendent of Insurance of a cybersecurity event.”.

Insurance

Insurance Security Cybersecurity Data breaches

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance

Insurance Financial Services Cybersecurity Risk

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 Title insurance protects homebuyers from the prospect of someone contesting their legitimacy as the new homeowner. Title insurance is not mandated by law, but most lenders require it as part of any mortgage transaction.

Insurance

Insurance Risk Financial Services Mining

Webinars

Launching LLM-Based Products: From Concept to Cash in 90 Days

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

We expect each of these trends to continue in 2018. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR. The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Data breach litigation risks.

Privacy

Privacy Cybersecurity Data breaches GDPR

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Data Matters

AUGUST 27, 2018

Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches. Looking ahead, Covered Entities will be required to meet one final compliance deadline for the NYDFS on March 1, 2019.

Cybersecurity

Cybersecurity Compliance Encryption Risk

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. This resolution highlights the SEC’s continued focus on cybersecurity.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. But those aren’t the only laws or regulations that affect IT security teams.

Data Privacy

Data Privacy Compliance Privacy Security

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. This is an important public action by the U.S. and Russia in Ukraine.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Government survey reveals GDPR awareness is falling short

IT Governance

FEBRUARY 8, 2018

The Cyber Security Breaches Survey 2018 from the Department for Digital, Culture, Media and Sport (DCMS) has revealed that only 38% of businesses and 44% of charities have heard of the General Data Protection Regulation (GDPR). This is a worrisome finding, as it is only a matter of months until the new Regulation is enforced.

GDPR

GDPR Government Education Compliance

How are the EU member states progressing in their implementation of the NIS Directive?

IT Governance

APRIL 10, 2019

Implementation status : Transposed, as the Cyber Security Act (94/2018). Implementation status : Transposed, as The Security of Network and Information Systems Law of 2018. 440/2018) , along with Executive Order (no. 458/2018) and Executive Order (no. 360 of 2018. 46/ 2018 of August 13.

Compliance

Compliance Information Security Government Insurance

HHS Releases Cybersecurity Guidance for Healthcare Organizations

Data Matters

JANUARY 8, 2019

On December 28, 2018, the U.S. The publication, “ Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ” (HICP), is the result of a government and industry collaboration mandated by the Cybersecurity Act of 2015.

Cybersecurity

Cybersecurity Insurance Phishing Government

Patch your vulnerabilities now or risk punishment under the GDPR

IT Governance

JANUARY 19, 2018

In the wake of the Meltdown and Spectre flaws revealed on 3 January 2018, the Information Commissioner’s Office (ICO) has warned that existing vulnerabilities could lead to punishment when the EU General Data Protection Regulation (GDPR) is enforced. Secure configuration. Retroactive punishment. Malware protection.

GDPR

GDPR Risk Insurance Government

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

According to the experts, the threat actors are merely trying to monetize their efforts selling information that have no intelligence value for the Iranian Government. In late July 2020, Crowdstrike spotted a threat actor associated with PIONEER KITTEN that was attempting to sell access to compromised networks on an underground forum.

Access

Access Financial Services Retail Insurance

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

IT Governance

NOVEMBER 6, 2023

When MOVEit was hacked by the Russian Cl0p ransomware gang in May, email addresses and links to government employee surveys were compromised. On 2 September, it confirmed that an unauthorised party had accessed or removed some of its files, some of which contained confidential patient information.

Data Privacy

Data Privacy Privacy Security Libraries

The Riviera Beach City pays $600,000 in ransom

Security Affairs

JUNE 20, 2019

On Monday, city officials participating to a rapid meeting unanimously voted to use the city’s insurance to pay a ransom of 65 bitcoins (~$603,000). “The payment is being covered by insurance.” ” continues the AP. million to hackers — about $2,400 per attack.

Insurance

Insurance Ransomware Encryption Government

Weekly podcast: NHS upgrade, $242m Equifax loss and prison hacker jailed

IT Governance

MAY 3, 2018

Hello and welcome to the IT Governance podcast for Friday, 4 May 2018. million according to its financial report for the first quarter of 2018. However, a large part of the loss has been offset by the company’s cyber insurance: Equifax announced that it maintains “$125 million of cybersecurity insurance coverage, above a $7.5

Computer and Electronics

Computer and Electronics Insurance Data breaches Information Security

Alabama Hospital chain paid ransom to resume operations after ransomware attack

Security Affairs

OCTOBER 13, 2019

The hospital chain hasn’t revealed the amount it has paid to the crooks to decrypt the data, it seems that an insurance covered the cost. “We had to gain access to our system quickly and gain the information it was blocking,” chief operating officer Paul Betz told a news conference. ” continues the post.

Ransomware

Ransomware Insurance Paper Government

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Another fine for over-retention of data

Data Protection Report

APRIL 7, 2022

CafePress included in its email responses to consumers’ commonly asked questions, “CafePress.com also pledges to use the best and most accepted methods and technologies to insure [sic] your personal information is safe and secure.” The company was also notified by a foreign government that its data was sold to “carders.”.

Privacy

Privacy Compliance Insurance Data collection

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

IT Governance

NOVEMBER 20, 2023

The ICO (Information Commissioner’s Office) reports that Ms Alborghetti appeared before Worcester Magistrates’ Court on 15 November 2023, where “she pleaded guilty to unlawfully obtaining personal data in breach of Section 170 of the Data Protection Act 2018 and was ordered to pay a total of £648”. We hope you found it useful.

Data Privacy

Data Privacy Privacy Data breaches Security

Lake City agreed to pay $500,000 in ransom, is the second case in Florida in a week

Security Affairs

JUNE 26, 2019

Crooks made a request of a ransom a week after the initial infection, they contacted the Lake City’s insurance provider, the League of Cities, which negotiated a payment of 42 bitcoins. In July 2018, another Palm Beach suburb, Palm Springs, decided to pay a ransom, but it was not able to completely recover all its data.

Ransomware

Ransomware Insurance Government IT

Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History

IG Guru

OCTOBER 24, 2018

October 15, 2018 Anthem, Inc. Department of Health and Human Services, Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a series of cyberattacks led to the […].

Data breaches

Data breaches Insurance Privacy Security

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

According to OFAC, ransomware attacks have been increasing over the last two years and are a special risk during the COVID-19 pandemic, with cybercriminals targeting not only large corporations but also small to medium enterprises, hospitals, schools, and local government agencies. November 2018: two Iranian creators of SamSam ransomware.

Ransomware

Ransomware Compliance Risk Government

Colorado Amends Data Breach Notification Law and Enacts Data Security Requirements

Hunton Privacy

JUNE 14, 2018

Recently, Colorado’s governor signed into law House Bill 18-1128 “concerning strengthening protections for consumer data privacy” (the “Bill”), which takes effect September 1, 2018. Timing: Notice to affected Colorado residents and the Colorado Attorney General must be made within 30 days after determining that a security breach occurred.

Data breaches

Data breaches Security Passwords Military

Wake up to the reality of the GDPR: What you need to know about compliance

IT Governance

JANUARY 30, 2019

May 2018 brought a whirlwind of panic as organisations rushed to meet the compliance deadline, but it was followed by months of unnerving silence. As 2018 drew to a close, a few small fines were levied in Austria , France , Portugal and Germany. We’re through the eye of the GDPR (General Data Protection Regulation) storm.

GDPR

GDPR Compliance Personal data Data breaches

List of data breaches and cyber attacks in February 2019 – 692,853,046 records leaked

IT Governance

FEBRUARY 26, 2019

500px reveals 2018 breach that exposed user data. Eskom data leak exposes sensitive customer information – Security researcher. Outdated software left municipal worker information exposed in 200 towns. Possibility of data breach with mySalam health insurance scheme, Perkasa claims.

Data breaches

Data breaches Sales Phishing Ransomware

The Problem With the Small Business Cybersecurity Assistance Act

Security Affairs

JULY 18, 2019

The Small Business Cybersecurity Assistance Act may provide business owners with access to government-level tools to secure small business against attacks. can hope for at present and an encouraging sign that the problem is on the government’s radar. government doesn’t stand ready to have their backs.

Cybersecurity

Cybersecurity Education Government Risk

Student loan company that stole millions from consumers leaks sensitive phone calls, SSNs, tax records

Security Affairs

JUNE 5, 2020

Some of the call recordings take place in early- to mid-2018. We then contacted Amazon on May 7, and they were able to secure the indexing on May 9. Of the recordings we analyzed, most of them seem to have taken place in early- to mid-2018. However, the US government makes these services available for free to consumers.

Access

Access Security Marketing IT

1M compromised cards available for free in the underground market

Security Affairs

AUGUST 8, 2021

All material from 2018-2019. Figure 5 – Screenshot from Group-IB Threat Intelligence & Attribution system Nevertheless, according to Group-IB’s findings, despite the post author’s claim that the cards were compromised from 2018-2019, 97% of the records in the database are still valid. Valid at 3%.

Marketing

Marketing Sales IT Insurance

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

Finally, the plan must require evaluation and revisions to it as necessary following a security event. Chief Information Security Officer (“CISO”). Specific information security measures. The proposed Rule is much more detailed in terms of security measures that FIs must implement. Board reporting.

Privacy

Privacy Risk Cybersecurity Information Security

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

Data Matters

FEBRUARY 10, 2022

For example, SEC guidance from 2018 emphasizes that there is a range of factors that may affect whether an incident should be disclosed to investors beyond the bottom-line financial costs to respond to the incident. 26, 2018), available at [link]. Public Companies and Service Providers. 20, 2021), [link]. 4 See Alan Raul et al.,

Cybersecurity

Cybersecurity Marketing Risk Compliance

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

The FCA has provided new guidance for PIs and EMIs using the “insurance or comparable guarantee” method of safeguarding. This includes a requirement that the insurance policy or comparable guarantee must pay out for the full amount of any claim regardless of how the relevant insolvency event occurs (including if the firm is at fault).

Authentication

Authentication Paper Risk Insurance

List of Data Breaches and Cyber Attacks in 2023

IT Governance

JUNE 1, 2023

Meanwhile, you can subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses.

Data breaches

Data breaches Insurance Personal data Ransomware

M&A Due Diligence: The Devil in Their Data

Data Matters

NOVEMBER 16, 2017

Cybersecurity insurance was a relatively new—and far from prevalent—concept. These data protection authorities (DPAs) have developed robust regulatory requirements for the security of data. Even when data breaches resulted in class actions, the suits were routinely dismissed because courts found no compensable injury.

Data breaches

Data breaches Cybersecurity Risk Compliance

FTC Hosts Workshop on Informational Injury

Hunton Privacy

DECEMBER 15, 2017

Consideration was given to whether the same factors apply in both the privacy and security contexts, the risk of potential injury versus realized injury and when government intervention is warranted. Panelists were then asked at which stage of the hypotheticals they believed government intervention should occur.

Privacy

Privacy Risk Retail Insurance

OCR Provides Insight into Enforcement Priorities and Breach Trends

HL Chronicle of Data Protection

OCTOBER 21, 2019

Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and Accountability (HIPAA) regulatory framework. million settlement in 2018. New and Enhanced Frameworks and Tools.

Risk

Risk Compliance Privacy Access

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

Related: ‘Cyber Pearl Harbor’ happens every day Some 15 months earlier, in March 2018, Atlanta was hit by a similar assault, and likewise refused to pay a $51,000 ransom, eating $17 million in damage. However, that’s more a function of hackers targeting individuals less, and companies and governments more.

Ransomware

Ransomware Access Cybersecurity Insurance

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C. Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. UniCredit fined €2.8

Data Privacy

Data Privacy Privacy Security Data breaches

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

” Security news site Bleeping Computer reported on the T-Systems Ryuk ransomware attack on Dec. “Emotet continues to be among the most costly and destructive malware,” reads a July 2018 alert on the malware from the U.S. Department of Homeland Security. Cloud-based health insurance management portals.

Passwords

Passwords Ransomware Authentication Communications

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. The threat actor mainly targets insurance, consulting, and construction companies.

IT

IT Military Cybersecurity Phishing

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

* This article first appeared in In-House Defense Quarterly on April 3, 2018. Increasingly, thought leaders, professional organizations, and government agencies are beginning to provide answers. Creating an enterprise-wide governance structure. Aligning cyber risk with corporate strategy.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Alabama Passes Data Breach Notification Law; Breach Laws Now on the Books in All 50 States

Data Matters

MARCH 30, 2018

Alabama has joined the ranks of the other 49 states with breach notification requirements by enacting the Alabama Data Breach Notification Act of 2018 (the “Act”). The Alabama Act also requires companies to take certain reasonable security measures to protect Sensitive Personally Identifiable Information.

Data breaches

Data breaches Insurance Encryption Passwords

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Startup Est Headquarters Staff Funding Funding Type Abnormal Security 2018 San Francisco, CA 261 $74.0 Series B Apiiro Security 2019 Tel Aviv, Israel 65 $35.0

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Webinars

Trending Sources

First American Financial Pays Farcical $500K Fine

Webinars

Privacy and Cybersecurity Top 10 for 2018

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Security Compliance & Data Privacy Regulations

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Government survey reveals GDPR awareness is falling short

How are the EU member states progressing in their implementation of the NIS Directive?

HHS Releases Cybersecurity Guidance for Healthcare Organizations

Patch your vulnerabilities now or risk punishment under the GDPR

Iran-linked APT group Pioneer Kitten sells access to hacked networks

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

The Riviera Beach City pays $600,000 in ransom

Weekly podcast: NHS upgrade, $242m Equifax loss and prison hacker jailed

Alabama Hospital chain paid ransom to resume operations after ransomware attack

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Another fine for over-retention of data

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

Lake City agreed to pay $500,000 in ransom, is the second case in Florida in a week

Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

More articles about information management than any sane person should write

Colorado Amends Data Breach Notification Law and Enacts Data Security Requirements

Wake up to the reality of the GDPR: What you need to know about compliance

List of data breaches and cyber attacks in February 2019 – 692,853,046 records leaked

The Problem With the Small Business Cybersecurity Assistance Act

Student loan company that stole millions from consumers leaks sensitive phone calls, SSNs, tax records

1M compromised cards available for free in the underground market

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

List of Data Breaches and Cyber Attacks in 2023

M&A Due Diligence: The Devil in Their Data

FTC Hosts Workshop on Informational Injury

OCR Provides Insight into Enforcement Priorities and Breach Trends

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

The Hidden Cost of Ransomware: Wholesale Password Theft

Group-IB presents its annual report on global threats to stability in cyberspace

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Alabama Passes Data Breach Notification Law; Breach Laws Now on the Books in All 50 States

Top Cybersecurity Startups to Watch in 2022

Stay Connected