2019, Data, Financial Services and Information Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Authorized property/casualty insurers should use a data-driven and comprehensive plan to assess gaps and vulnerabilities in the cybersecurity of their insureds and potential insureds. Rigorously Measure Insured Risk. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S.

Insurance

Insurance Risk Financial Services Mining

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

The police on Thursday seized the Tor negotiation and data leak sites. The ransomware operation has been active since late December 2019, the FBI published two flash alert to warn of the operation of the group. “As This is an important achievement in the fight against cybercrime. Both FBI and Europol declined to comment on the events.

Ransomware

Ransomware Financial Services Manufacturing Government

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

AUGUST 23, 2019

Mastercard disclosed a data breach that impacted customer data from the company’s Priceless Specials loyalty program. The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities. ” states MasterCard.

Data breaches

Data breaches Financial Services Passwords Security

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation. So to account for seasonality, we’ve only looked at Q2–Q4 for all four years (2019–2022). What do the statistics say?

Risk

Risk Data breaches Authentication Financial Services

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. Affiliate #1 notified NYDFS on November 25, 2019.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. According to the consent order, the matter began when NSC reported a cybersecurity event to NYDFS on October 23, 2019. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

JUNE 6, 2024

The FBI is informing victims of LockBit ransomware it has obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data. “Additionally, from our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online.”

Energy and Utilities

Energy and Utilities Ransomware Agriculture Encryption

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. The flash alert includes a series of mitigations to neutralize such attacks: Back-up critical data offline.

Ransomware

Ransomware Passwords Financial Services Manufacturing

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

In total, information for approximately 2.1 The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. EyeMed neither admitted nor denied the AG’s findings in the settlement. Background. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

The flurry of state legislative activity in the wake of the enactment of the California Consumer Protection Act (CCPA) continues with the New York legislature recently passing two bills to increase accountability for the processing of personal information. The Stop Hacks and Improve Electronic Data Security Act.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

Law enforcement also had access to data stolen from the victims of the ransomware operation, a circumstance that highlights the fact that even when a ransom is paid, the ransomware gang often fails to delete the stolen information. LockBit is a prominent ransomware operation that first emerged in September 2019.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. Companies need a reliable way to know at all times where sensitive data is sitting, and who might be accessing it, in order to keep it out of the hands of threat actors, he said.

Digital transformation

Digital transformation Insurance Compliance Healthcare

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Law enforcement also had access to data stolen from the victims of the ransomware operation, a circumstance that highlights the fact that even when a ransom is paid, the ransomware gang often fails to delete the stolen information. LockBit is a prominent ransomware operation that first emerged in September 2019.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

Security Affairs

MARCH 19, 2020

For example, in February 2019 Trend Micro detected a variant that includes a new module used for Remote App Credential-Grabbing. ” The module appears to be under development, but experts pointed out that threat actors already used it to target organizations, mostly in telecoms, education, and financial services sectors.

Financial Services

Financial Services Education Communications IT

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

The sanctioned entities are Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services.

Financial Services

Financial Services Cybersecurity Cloud Security

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

The gang behind the Sodinokibi ransomware has been very active in the US in recent weeks, in December, CyrusOne, one of the major US data center provider, was hit by the same ransomware. ” T he IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks.

IT

IT Ransomware Financial Services Retail

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. More states are sure to follow.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

This article summarizes a report published by AIEF on June 26, 2019. Additionally, the article is included in Information Management Magazine, ARMA-AIEF Special Edition , which will be available for download in mid-November. The scope of a records and information management (RIM) program in financial services can seem overwhelming.

Financial Services

Financial Services Communications Compliance Risk

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

MAY 30, 2019

defense contractors , financial services firms, and a national data center in Central Asia. In April 2019, the group targeted organizations of two different countries in the Middle East. The report by the Saudi Cyber Security Centre suggests threat actors are primarily targeting organizations within the kingdom.

Government

Government Financial Services Security Cybersecurity

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Limitations on Data Retention (500.13).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

In 2019, we saw regulators put a renewed focus on how long businesses retain personal information. This sends a clear message that organisations can no longer ignore their obligations relating to data retention. Over in Denmark, the Danish data protection authority also imposed fines against two companies.

Privacy

Privacy Compliance Personal data Risk

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. Payment is often demanded in bitcoin, and thus third-party services are often used to make such payments.

Ransomware

Ransomware Compliance Risk Government

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

On July 22, 2019, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement. with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. Social Security numbers) and says that such tokenized data was not exposed.

Cloud

Cloud Data breaches Encryption Access

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

In 2019, we saw regulators put a renewed focus on how long businesses retain personal information. This sends a clear message that organisations can no longer ignore their obligations relating to data retention. Over in Denmark, the Danish data protection authority also imposed fines against two companies.

Privacy

Privacy Compliance Personal data Risk

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. Data breach litigation risks. Data breach litigation may reach a turning point in 2018.

Privacy

Privacy Cybersecurity Data breaches GDPR

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

The EBA’s June 2019 opinion on the elements of strong customer authentication under the second Payment Services Directive clarified that information displayed on a payment card, such as the card verification number (known as the “CVV”), cannot be used as a knowledge or possession element for the purposes of SCA.

Authentication

Authentication Paper Risk Insurance

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

The cybercrime group claims to have stolen 1 TB of data from the hospital and threatens to leak it. The message published by the gang on its leak site emphasizes that they didn’t encrypt data to avoid causing malfunctions to the hospital’s medical equipment. Expect for the updates and keep your privacy in your own hands."

Ransomware

Ransomware Phishing Encryption Privacy

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. The activity of the APT group was first detailed by Symantec in 2019, the experts analyzed a series of attacks against IT providers in Saudi Arabia and US entities.

Financial Services

Financial Services Security Cybersecurity IT

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

The campaign, dubbed PerSwaysion due to the extensive abuse of Microsoft Sway, has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators. ?ybercriminals Group-IB continues to work with the relevant parties in local countries to inform the affected companies of the breach.

Phishing

Phishing Financial Services Cloud Authentication

Weekly podcast: banks, Thomas Cook, London cyber court and Facebook

IT Governance

JULY 13, 2018

This week, we discuss operational resilience in the banking and financial market infrastructures sectors, a data breach affecting Thomas Cook subsidiaries, London’s proposed new court building and the latest development in the Facebook/Cambridge Analytica scandal. Here are this week’s stories. Here are this week’s stories.

Business Services

Business Services Marketing Data breaches Paper

India’s Digital Future Is Bright

Thales Cloud Protection & Licensing

DECEMBER 23, 2019

According to the 2019 Thales Data Threat Report-India Edition , digital transformation is well underway in India, with 41% of Indian respondents saying they are either aggressively disrupting the markets they participate in or embedding digital capabilities that enable greater organizational agility. On the contrary.

Digital transformation

Digital transformation Cloud Encryption Data Privacy

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Iran announced to have foiled a second cyber-attack in a week

Security Affairs

DECEMBER 15, 2019

????? ? ??? ?? ?????? ?? ??????? ????? ???? ??? ??????? ????? ??????? ?????? ??? ???????? ? ?????? ?????? ???? ?? ????? ?? — MJ Azari Jahromi (@azarijahromi) December 15, 2019. defense contractors , financial services firms, and a national data center in Central Asia.

Government

Government Financial Services IT Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Webinars

Trending Sources

First American Financial Pays Farcical $500K Fine

Webinars

New York State Expected to Increase Enforcement of Cybersecurity Practices

Law enforcement operation seized Ragnar Locker group’s infrastructure

American Insurance firm State Farm victim of credential stuffing attacks

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Mastercard data breach affected Priceless Specials loyalty program

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Risk Management under the DORA Regulation

NYDFS settles cybersecurity regulation matter for $1.8 million

NYDFS settles cybersecurity regulation matter for $3 million

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

New York SHIELD Act $600,000 settlement

New York Enacts Stricter Data Cybersecurity Laws

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

How ATB Financial drives agile data ops with Collibra and GCP

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

More details about Operation Cronos that disrupted Lockbit operation

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations

SEC announces sanctions against entities over email account hacking

California IT service provider Synoptek pays ransom after Sodinokibi attack

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Summary – “Industry in One: Financial Services”

Emissary Panda APT group hit Government Organizations in the Middle East

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Privacy and Cybersecurity Top 10 for 2018

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Weekly podcast: banks, Thomas Cook, London cyber court and Facebook

India’s Digital Future Is Bright

Top Cybersecurity Startups to Watch in 2022

Iran announced to have foiled a second cyber-attack in a week

Stay Connected