Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance 77

Insurance Financial Services Cybersecurity Risk 77

Security Affairs

JUNE 12, 2021

Volkswagen America discloses a data breach at a third-party vendor that exposed the personal details of more than 3.3 Volkswagen America discloses a data breach suffered by a third-party vendor used by the car vendor for sales and marketing purposes. The security breach affected a subsidiary Audi and authorized dealers in the U.S.

Data breaches 126

Data breaches Sales Insurance Marketing 126

Security Affairs

NOVEMBER 13, 2020

Vertafore announced that information of 27.7 million Texas drivers has been exposed in a data breach caused by a human error. Vertafore announced that information of 27.7 The company disclosed this security breach this week, data was stored on an unsecured external storage service and they were accessed by an external party.

Data breaches 127

Data breaches Insurance Access Security 127

IT Governance

FEBRUARY 26, 2019

The shortest month of the year is over in a flash, but not before a significant number of data breaches and cyber attacks could take place. I count this month’s total of leaked records to be 692,853,046, bringing 2019’s total to 2,462,038,109. School District computer system; most data recovered, superintendent says.

Data breaches 109

Data breaches Sales Phishing Ransomware 109

Security Affairs

OCTOBER 24, 2021

The threat actors claim to have obtained the data from an insider in the local police, they published a sample of database records containing model of the car, its registration and VIN number, date of registration, engine power, name of the owner, date of birth, and phone number. . ” continues the post. . ” continues the post.

Sales 101

Sales Insurance Analytics Authentication 101

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. The order also requires that the company destroy personal data for which it had not received consent and to create a document retention and destruction policy.

Personal data 85

Personal data Privacy Information governance Compliance 85

Data Protection Report

APRIL 7, 2022

A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data for longer than it was needed. The first regulator was the French data protection authority, the CNIL, in 2021, which we wrote about here. emphasis supplied).

Privacy 114

Privacy Compliance Insurance Data collection 114

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. When MOVEit was hacked by the Russian Cl0p ransomware gang in May, email addresses and links to government employee surveys were compromised.

Data Privacy 74

Data Privacy Privacy Security Libraries 74

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Security Affairs

JANUARY 18, 2023

On December 12, 2022, the Cybernews research team discovered a publicly accessible database with 260GB of sensitive personal data belonging to myrocket.co, offering ‘end-to-end’ recruitment solutions and HR services for companies in India. Treasure trove of data. The discovered database was not protected by authentication.

Privacy 87

Privacy Insurance Personal data Access 87

Hunton Privacy

FEBRUARY 29, 2024

It filed a breach report with OCR in February 2019, which then investigated the organization’s data practices starting in December 2019. This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS.

Ransomware 111

Ransomware Personal data Risk Privacy 111

Security Affairs

DECEMBER 28, 2022

The chief executive of insurance giant Zurich warns that cyber attacks, rather than natural catastrophes, will become uninsurable. Mario Greco, chief executive of insurer giant Zurich, has warned that cyber attacks will become soon “uninsurable.”. What will become uninsurable is going to be cyber,” Mario Greco told the Financial Times.

Insurance 91

Insurance Risk Ransomware IT 91

Security Affairs

JANUARY 21, 2020

The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers. The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform. Hannah Anderson was breached. Pierluigi Paganini.

Data breaches 105

Data breaches Retail Cloud Insurance 105

IT Governance

NOVEMBER 20, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. According to OPB, the district didn’t provide details, but said that “our student credentials may have been compromised as part of a security incident”.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Data Protection Report

JUNE 2, 2021

million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. This matter began when insurance affiliate #1, licensed by NYDFS, discovered a phishing email in September of 2018. NYDFS Cybersecurity Regulation.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

Security Affairs

APRIL 8, 2021

Group-IB , a global threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop have been leaked online on March 17, 2021. The cardshop has been operating since at least April 2019, and by March 2021, it had more than 12K user base and over 600K payment card records on sale.

Passwords 108

Passwords Insurance Personal data Sales 108

IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories. million people – just under a third of the country’s population.

Data breaches 54

Data breaches GDPR Passwords Personal data 54

Security Affairs

NOVEMBER 8, 2020

A data breach suffered by Luxottica has exposed the personal and health information of patients of LensCrafters, Target Optical, and EyeMed. billion in revenue for 2019. The exposed financial data includes budgets, marketing forecast analysis, and other sensitive data. Luxottica Group S.p.A.

Data breaches 77

Data breaches Insurance Retail Ransomware 77

Security Affairs

OCTOBER 6, 2023

.” The Company states that its cybersecurity insurance will cover the financial losses and future expenses, however, the full scope of the costs and related impacts has yet to be determined.

Ransomware 120

Ransomware Insurance Cybersecurity IT 120

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. Companies need a reliable way to know at all times where sensitive data is sitting, and who might be accessing it, in order to keep it out of the hands of threat actors, he said.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.

Cybersecurity 66

Cybersecurity Financial Services Risk Compliance 66

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

Hunton Privacy

OCTOBER 25, 2022

On October 24, 2022, the UK Information Commissioner’s Office (“ICO”) issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020.

Security 97

Security Personal data GDPR Insurance 97

Security Affairs

APRIL 24, 2020

The popular SeaChange video platform is the latest victim of the Sodinokibi Ransomware gang, which is threatening to leak the stolen data. The crew has published images of the data they claim to have stolen before encrypting the systems at the company. link] — Bad Packets Report (@bad_packets) April 23, 2020.

Ransomware 103

Ransomware Insurance Data breaches Encryption 103

Security Affairs

JUNE 5, 2019

Recovery agency for patient collections American Medical Collection Agency (AMCA) suffered a data breach that could impact many of its customers. American Medical Collection Agency (AMCA) suffered a data breach that could impact many of its customers, the company still hasn’t disclosed details. A filing with the U.S.

Data breaches 73

Data breaches Insurance Sales Security 73

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

Security Affairs

JUNE 20, 2019

Oregon Department of Human Services announced it was a victim of a data breach in January, roughly 645,000 potentially impacted. Oregon Department of Human Services officials confirmed that the organization has suffered a data breach that has exposed personal details and health information of 645,000 clients. Pierluigi Paganini.

Data breaches 74

Data breaches Phishing Insurance Risk 74

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 66

Financial Services Cybersecurity Insurance Risk 66

Data Protection Report

FEBRUARY 8, 2022

In total, information for approximately 2.1 In total, information for approximately 2.1 The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. EyeMed neither admitted nor denied the AG’s findings in the settlement. Background. SHIELD Act.

Passwords 98

Passwords Financial Services Authentication Insurance 98

Data Matters

AUGUST 5, 2019

The flurry of state legislative activity in the wake of the enactment of the California Consumer Protection Act (CCPA) continues with the New York legislature recently passing two bills to increase accountability for the processing of personal information. The Stop Hacks and Improve Electronic Data Security Act.

Cybersecurity 66

Cybersecurity Data breaches Privacy Risk 66

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Banco BCR has yet to disclose the security breach. According to Maze, the bank’s network remained unsecured at least since February 2020.

Ransomware 136

Ransomware Encryption Insurance Data breaches 136

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. According to the consent order, the matter began when NSC reported a cybersecurity event to NYDFS on October 23, 2019. The second incident occurred in March of 2019.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

Security Affairs

SEPTEMBER 10, 2020

At the time of the attack, the ransomware operators published images of the data they claim to have stolen before encrypting the systems at the company. The news was also confirmed by the experts at the data breach notification service Under the Breach.

Ransomware 66

Ransomware Data breaches Insurance Encryption 66

Hunton Privacy

JUNE 6, 2019

On May 24, 2019, Oregon Governor Kate Brown signed Senate Bill 684 (the “Bill”) into law. The Bill extends those obligations to “vendors,” meaning any person with which a previously covered entity contracts to maintain, store, process or otherwise access personal information.

Data breaches 48

Data breaches Insurance Authentication Compliance 48

Data Protection Report

JULY 9, 2018

states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). On the security front, as of March 2018, all 50 U.S. data protection laws that were passed in the last year.

GDPR 40

GDPR Data breaches Personal data Insurance 40

Security Affairs

JUNE 20, 2019

The Riviera Beach City, Florida, agreed to pay $600,000 in ransom to decrypt its data after a ransomware-based attack hit its computer system. The council has previously agreed to spend $941,000 to modernize the entire IT infrastructure after hackers broke into the city’s system three weeks ago, ecrypting data managed by the City.

Insurance 89

Insurance Ransomware Encryption Government 89

IT Governance

JULY 11, 2019

That’s a question more organisations are having to ask themselves nowadays, with at least 55 ransomware attacks reported in the first half of 2019. Prepare for an attack by backing up your data. If you don’t already have cyber insurance, it’s worth considering. But what’s the alternative? Find out what kind of ransomware it is.

Ransomware 88

Ransomware Insurance Encryption Paper 88