Hunton Privacy

JULY 1, 2022

Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation. In addition to the monetary penalty of $5 million, NYDFS also accepted Carnival’s surrender of its insurance producer license; thus, Carnival has ceased selling insurance in New York.

Cybersecurity 115

Cybersecurity Insurance Phishing Financial Services 115

Krebs on Security

AUGUST 17, 2023

Security experts investigating 16Shop found the service used an application programming interface (API) to manage its users, an innovation that allowed its proprietors to shut off access to customers who failed to pay a monthly fee, or for those attempting to copy or pirate the phishing kit. Image: ZeroFox.

Phishing 189

Phishing Passwords Insurance Data breaches 189

IT Governance

NOVEMBER 6, 2023

According to the security company Resecurity , which discovered the listing, the data included victims’ name, age, gender, address, passport number and Aadhaar number (a 12-digit government identification number). It secured its systems, notified law enforcement and began investigating the incident. Boeing is “assessing the claim”.

Data Privacy 76

Data Privacy Privacy Security Libraries 76

Data Matters

FEBRUARY 25, 2021

This follows the FCA’s announcement in its 2020-21 business plan that payment services were one of its main supervisory priorities 1 and its temporary guidance of July 9, 2020, on prudential risk management and safeguarding in light of the COVID-19 pandemic ( Temporary COVID Guidance ). its Perimeter Guidance Manual (PERG).

Authentication 66

Authentication Paper Risk Insurance 66

Security Affairs

OCTOBER 24, 2021

Stolen data spans from 2006 and 2019, local media outlets have confirmed their authenticity. Threat actors are also offering a file containing information from 2020 to those that will buy the database. As a bonus to the purchase, a file with information from 2020 is offered. ” continues the post. Pierluigi Paganini.

Sales 104

Sales Insurance Analytics Authentication 104

The Last Watchdog

AUGUST 19, 2021

This stolen booty reportedly included social security numbers, phone numbers, names, home addresses, unique IMEI numbers, and driver’s license information. This further reinforces that doing security correctly at any organization is a cultural characteristic. Josh Shaul, CEO, Allure Security. We all know security is hard.

Data breaches 306

Data breaches Authentication Access Personal data 306

IT Governance

MAY 5, 2020

Coronavirus continues to dominate the cyber security landscape (and pretty much every other part of our lives), with cyber criminals cashing in on the disruption. See also: Catches of the month for April 2020 Catches of the month for March 2020 Catches of the month for February 2020 3.

Phishing 71

Phishing Government Insurance Data breaches 71

Hunton Privacy

JUNE 22, 2020

On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Security Breach Notice Act. Where a breach is limited to login credentials for an online account other than an email account, notice may be provided electronically.

Data breaches 107

Data breaches Privacy Education Data Privacy 107

Data Matters

MARCH 28, 2022

Department of Health and Human Service’s Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. On March 17, 2022, the U.S.

Cybersecurity 86

Cybersecurity Privacy Insurance Risk 86

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Data Protection Report

FEBRUARY 8, 2022

The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. When you enter personal information on our Site, we encrypt transmissions involving such information using secure protocols.” EyeMed neither admitted nor denied the AG’s findings in the settlement. Background.

Passwords 98

Passwords Financial Services Authentication Insurance 98

KnowBe4

MARCH 28, 2023

Security awareness training still has a place to play here." Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. back in 2020. Is the email enticing you to click on a link?'

Phishing 83

Phishing Security awareness Insurance Cybersecurity 83

Security Affairs

MAY 13, 2021

The Darkside ransomware gang first emerged in the threat landscape in August 2020, in recent months the group was very active and targeted organizations worldwide. Require multi-factor authentication for remote access to OT and IT networks. 3 ],[ 4 ]” reads the joint alert.

Ransomware 117

Ransomware Phishing Encryption Risk 117

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. “Why do I need a certificate? WHO IS MEGATRAFFER?

Healthcare 243

Healthcare Passwords Sales Ransomware 243

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background. million.

Cybersecurity 52

Cybersecurity Personal data Risk Financial Services 52

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. But even when passwords are secure, it’s not enough. At this point, multi-factor authentication (MFA) has permeated most applications, becoming a minimum safeguard against attacks. MFA can be hacked.

Authentication 104

Authentication Passwords Access Computer and Electronics 104

Data Matters

DECEMBER 2, 2020

On November 20, 2020, the Singapore Personal Data Protection Commission (PDPC) published a set of draft advisory guidelines (the Advisory Guidelines) to provide clarification on recent amendments to the Personal Data Protection Act (the PDPA Amendments). private key used to authenticate or sign an electronic record or transaction.

Data Privacy 72

Data Privacy Privacy Data breaches Personal data 72

Hunton Privacy

MAY 9, 2019

Further, the expanded definition now includes “username or email address in combination with a password or security questions and answers that would permit access to an online account” (without an individual’s name). The amendments take effect March 1, 2020. Method of Notification.

Data breaches 68

Data breaches Passwords Insurance Military 68

Data Protection Report

APRIL 2, 2020

On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic.

Risk 59

Risk Communications Authentication Financial Services 59

Hunton Privacy

JUNE 6, 2019

The Bill, which takes effect January 1, 2020, amends the Oregon Consumer Identity Theft Protection Act (“OCITPA”) by enhancing the breach notification requirements applicable to third-party vendors. On May 24, 2019, Oregon Governor Kate Brown signed Senate Bill 684 (the “Bill”) into law.

Data breaches 48

Data breaches Insurance Authentication Compliance 48

eSecurity Planet

SEPTEMBER 14, 2022

billion in reported losses, up from 2020’s 791,790 complaints and $4.2 Finance and insurance finished a close second at 22.4%. Finance and insurance companies were particularly vulnerable to the sort of phishing scams we’re talking about. In 2020 alone, 79 ransomware attacks were conducted against government entities in the U.S.,

Energy and Utilities 120

Energy and Utilities Phishing Blockchain Cybersecurity 120

Thales Cloud Protection & Licensing

JULY 21, 2022

Security breaches in this sector can be incredibly disruptive to society and are attracting considerable attention from governments and regulatory bodies around the world. When tackling these security challenges, the human element is the most important factor. The effects of cyberattacks on critical infrastructure can be catastrophic.

Energy and Utilities 71

Energy and Utilities Ransomware IoT Risk 71

Adam Levin

NOVEMBER 17, 2020

And like everything else in 2020, these next few weeks promise to be a disaster. Be similarly wary of turning over your address, phone number or, worse, Social Security number , to unsolicited callers. Browse online using secure networks. This designation signifies that the site has a Secure Sockets Layer ( SSL ) certificate.

Retail 97

Retail e-Delivery Passwords Phishing 97

ForAllSecure

MAY 17, 2023

Chris Gray of Deep Watch talks about the view from the inside of a virtual SOC, the ability to see threats against a large number of SMB organizations, and the changes to cyber insurance we’re seeing as a result. A lot of SMBs do not have security operations centers or SOCs. They can provide that additional security, remotely.

Insurance 40

Insurance Privacy Ransomware GDPR 40

DLA Piper Privacy Matters

MAY 5, 2020

Adjacent to these initiatives, the European Data Protection Board (“EDPB”) recently published draft guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. Personal data may be processed for a wide variety of purposes such as driver safety, insurance and efficient transportation.

Privacy 69

Privacy Personal data GDPR Insurance 69

Data Protection Report

JANUARY 7, 2019

Entities covered by the Regulation, which includes not only banks and insurers, but also other financial service institutions and licensees regulated by the DFS that utilize third-party service providers, will be required to implement third-party risk management programs by March 1. Third-party service provider risk management program.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

Thales Cloud Protection & Licensing

JULY 12, 2018

billion devices will be connected to the Internet by 2020 2. In this blog, and in one by my colleague Julie Lassabliere from Safelayer Secure Communications , we explore the need for trusted device identification and data integrity in the IoT. The IoT is not making the job of securing networks any easier.

IoT 72

IoT Encryption Agriculture Data collection 72

The Last Watchdog

MAY 24, 2021

Akamai, which happens to be the Hawaiian word for “smart,” recently released its annual State of the Internet security report. In 2020, it saw 193 billion credential stuffing attacks globally, with 3.4 Meanwhile, threat actors’ siege on web applications surged 62 percent in 2020 vs. 2019: Akamai observed nearly 6.3

Financial Services 178

Financial Services Passwords Data breaches Authentication 178

Data Matters

JUNE 11, 2019

A “verified request” means a request “submitted by a consumer…for which an operator can reasonably verify the authenticity of the request and the identity of the consumer using commercially reasonable means.”).

Privacy 75

Privacy Sales Insurance Manufacturing 75

IT Governance

AUGUST 6, 2019

Almost a third of these make it past default security systems, leaving your organisation in a permanently perilous situation. Universities are a prime target for phishing scams, because they process vast amounts of personal data and often have insufficient cyber security measures. Your employees receive an average of 4.8

Phishing 68

Phishing Personal data Access Passwords 68

Data Matters

OCTOBER 24, 2019

If a business collects personal information to verify, it must use it only for the purpose of verification or for security or fraud prevention, and it must delete the information as soon as practical after processing the request.) Need for Security Measures. available technology for verification. available technology for verification.

Privacy 60

Privacy Sales Passwords Authentication 60

HL Chronicle of Data Protection

OCTOBER 21, 2019

Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and Accountability (HIPAA) regulatory framework. HHS Security Risk Assessment Tool. Emerging Trends in Breaches.

Risk 40

Risk Compliance Privacy Access 40

Data Matters

MAY 6, 2022

Digital health companies should take note of new data privacy and security developments under the Health Insurance Portability and Accountability Act (HIPAA) that can affect product planning and customer negotiations. RFI Regarding Recognized Security Practices.

Risk 86

Risk Cybersecurity Insurance Authentication 86

Krebs on Security

DECEMBER 13, 2021

On May 10, one of the hospitals detected malicious activity on its Microsoft Windows Domain Controller, a critical “keys to the kingdom” component of any Windows enterprise network that manages user authentication and network access. The HSE Security Operations team requested that the Server team restart servers.

Ransomware 269

Ransomware Cybersecurity Phishing Security 269

Krebs on Security

SEPTEMBER 2, 2021

The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. mail server responds “OK” = successful access).

Authentication 294

Authentication Passwords Access Search queries 294