Data Matters

JULY 30, 2018

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B.

Insurance 60

Insurance Security Cybersecurity Data breaches 60

IT Governance

JANUARY 9, 2020

Almost everyone wants to know what the future has in store – particularly when it comes to cyber security. With that in mind, Geraint Williams, IT Governance’s chief information security officer, discusses his cyber security predictions in the upcoming year. Ransomware will continue to increase.

Security 97

Security IoT Phishing Ransomware 97

Krebs on Security

JUNE 18, 2021

Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000. The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 This week, the U.S. First American Financial Corp.

Insurance 282

Insurance Risk Financial Services Mining 282

Security Affairs

AUGUST 21, 2020

The University of Utah admitted to have paid a $457,059 ransom in order to avoid having ransomware operators leak student information online. University of Utah officials explained that the university’s cyber insurance policy covered part of the ransom. ” reads a press release published by the University.

Ransomware 145

Ransomware Insurance Encryption Information Security 145

Data Matters

AUGUST 27, 2020

In almost the first three quarters of 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) has settled three cases related to alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”), totaling $1,165,000. On March 3, 2020 , Steven A.

Compliance 66

Compliance Security Risk Encryption 66

IT Governance

DECEMBER 14, 2021

With organisations’ cyber security requirements becoming more complex and the threat of cyber attacks growing each year, many decision-makers are turning towards cyber security as a service. This approach, also known as managed cyber security, works by outsourcing cyber security to a third party.

Security 129

Security Insurance Data breaches Information Security 129

Security Affairs

JULY 21, 2021

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. Drug prescription listings). Who had access to the data?

Insurance 115

Insurance Passwords Libraries Access 115

Security Affairs

APRIL 29, 2024

The fines come as a result of the Notices of Apparent Liability (NAL) issued by the FCC against AT&T, Sprint, T-Mobile, and Verizon in February 2020. The Communications Act mandates that telecommunications carriers safeguard the confidentiality of specific customer data, including location information, about telecommunications services.

Insurance 106

Insurance Communications Access IT 106

Security Affairs

JUNE 2, 2023

In April, the non-profit health insurer Point32Health took systems offline in response to a ransomware attack that took place on April 17. The insurer immediately launched an investigation into the incident with the help of third-party cybersecurity experts to determine the extent of the incident. between June 2020 and present.

Ransomware 93

Ransomware Insurance Data breaches Cybersecurity 93

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Security Affairs

FEBRUARY 2, 2021

The security breach took place on or around September 29, 2020, attackers accessed the personal information of its employees. The company is not aware of misuse of the information contained within the downloaded files, it also added that it has not found the stolen files online.

Data breaches 116

Data breaches Insurance Access Security 116

The Last Watchdog

OCTOBER 29, 2018

The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. The technologies existing in 2018 will undoubtedly differ from those that exist in 2020. Equifax was not special in this regard.

Security 164

Security Data Privacy Privacy Data breaches 164

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. SEC Statement and Guidance on Public Company Cybersecurity Disclosures.

Cybersecurity 66

Cybersecurity Financial Services Risk Compliance 66

Security Affairs

OCTOBER 24, 2021

Threat actors are also offering a file containing information from 2020 to those that will buy the database. As a bonus to the purchase, a file with information from 2020 is offered. The seller himself claims that he received information from an insider in the traffic police.” ” continues the post.

Sales 105

Sales Insurance Analytics Authentication 105

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. What’s more, Syrén seemed to downplay the severity of the exposure.

Security 348

Security Ransomware Agriculture Cybersecurity 348

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy 145

Data Privacy Compliance Privacy Security 145

Security Affairs

OCTOBER 4, 2020

Apple addresses four vulnerabilities in macOS Google removes 17 Joker -infected apps from the Play Store Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT Mount Locker ransomware operators demand multi-million dollar ransoms Putin proposes new information security collaboration to US, including no-hack pact for election REvil ransomware (..)

Security 97

Security Ransomware Insurance Information Security 97

Hunton Privacy

OCTOBER 25, 2022

On October 24, 2022, the UK Information Commissioner’s Office (“ICO”) issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020.

Security 97

Security Personal data GDPR Insurance 97

IT Governance

NOVEMBER 6, 2023

While investigating the incident, it discovered that confidential consumer information had been accessed by an unauthorised third party. It secured its systems, notified law enforcement and began investigating the incident. Records breached: 815,000,000 Milford Management Corp. Boeing is “assessing the claim”.

Data Privacy 76

Data Privacy Privacy Security Libraries 76

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. .” ” reads the report published by Crowdstrike. ” continues the report.

Access 100

Access Financial Services Retail Insurance 100

Security Affairs

MAY 9, 2020

” Between January 30 and April 30, 2020, the researchers observed three SilverTerrier groups launching ten COVID-19-themed malware campaigns, some of them also targeted organizations involved in the COVID-19 response. .” “On April 8, 2020, we witnessed the most recent campaign by this actor. billion in global losses.

Government 68

Government Energy and Utilities Insurance Phishing 68

Security Affairs

APRIL 24, 2020

pic.twitter.com/0gykQl53Ft — Under the Breach (@underthebreach) April 23, 2020. Experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company. link] — Bad Packets Report (@bad_packets) April 23, 2020. – The company is traded on NASDAQ.

Ransomware 106

Ransomware Insurance Data breaches Encryption 106

Security Affairs

FEBRUARY 26, 2021

Our online security team has uncovered a massive data breach originating from a misconfigured Amazon Bucket, which was operated by a Turkish Legal advising company, INOVA YÖNETIM & AKTÜERYAL DANI?MANLIK. Inova is an actuarial consultancy company, which means they compile statistical analysis and calculate insurance risks and premiums.

Data breaches 106

Data breaches Insurance Paper Access 106

Security Affairs

OCTOBER 8, 2020

The data leak was first reported on May 30, 2020, the data have been posted online by the collective KelvinSecTeam. The availability of the data on the dark web could pose organizations to serious risk, threat actors could use this data to carry out multiple malicious attacks. Airlink International U.A.E. ” reported the media.

Insurance 130

Insurance Cybersecurity Communications Risk 130

Security Affairs

JUNE 10, 2021

The number of scam and phishing violations detected by Group-IB in Europe in 2020 increased by 39% compared to the previous year. For example, a scheme of fake branded social media accounts (typical of the financial sector) affected over 500 fake accounts per bank on average in 2020. million in one year .

Phishing 105

Phishing Retail Insurance Risk 105

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 66

Financial Services Cybersecurity Insurance Risk 66

HL Chronicle of Data Protection

FEBRUARY 25, 2020

It applies to any “Covered Entity,” which is defined broadly to include “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

Security Affairs

NOVEMBER 29, 2020

“At this stage, Sopra Steria has not identified any leaked data or damage caused to its customers’ information systems.” “The secure remediation plan launched on 26 October is nearly complete. . “The secure remediation plan launched on 26 October is nearly complete. ” states the company.

Ransomware 108

Ransomware Insurance Sales Cybersecurity 108

Security Affairs

NOVEMBER 8, 2020

Luxottica disclosed a security breach in the appointment scheduling application that took place on August 5, 2020. “On August 9, 2020, Luxottica learned of the incident, contained it, and immediately began an investigation to determine the extent of the incident. . Luxottica Group S.p.A.

Data breaches 80

Data breaches Insurance Retail Ransomware 80

Security Affairs

APRIL 6, 2020

The digital wallet application Key Ring recently exposed information from its 14 million users. ” It is not clear how long the information remained exposed online, according to vpnMentor at least since January when they first spotted the unsecured bucket. ” continues the report.

Retail 108

Retail Encryption Insurance Passwords 108

Security Affairs

MAY 1, 2020

The hackers claim to have compromised the Banco BCR’s network in August 2019, and had the opportunity to exfiltrate its information before encrypting the files. According to Maze, the bank’s network remained unsecured at least since February 2020. Banco BCR has yet to disclose the security breach.

Ransomware 140

Ransomware Encryption Insurance Data breaches 140

Security Affairs

APRIL 8, 2021

While the source of the breach remains unclear, the exposed records show that two card shop users attempted to inject a malicious script searching for website vulnerabilities in the contact information field. January 2020, the cardshop’s records were leaked on an underground forum. ever since.

Passwords 109

Passwords Insurance Personal data Sales 109

Data Protection Report

APRIL 7, 2022

On September 1, 2020, PlanetArt purchased substantially all the CafePress assets from Residual Pumpkin (the former owner). According to the FTC complaint, CafePress “failed to provide reasonable security for the Personal Information stored on its network.” In addition, CafePress stated that it was in compliance with the U.S.-E.U.

Privacy 114

Privacy Compliance Insurance Data collection 114

Data Protection Report

FEBRUARY 8, 2022

According to the settlement agreement, the threat actor obtained access to the EyeMed email account on approximately June 24, 2020 and not only obtained access to six years’ worth of information, but also began sending 2,000 phishing emails on July 1. EyeMed blocked the threat actor’s access on July 1.

Passwords 98

Passwords Financial Services Authentication Insurance 98

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Those emails came to the attention of EyeMed’s IT department and also its customers, who complained.

Cybersecurity 52

Cybersecurity Personal data Risk Financial Services 52

Security Affairs

SEPTEMBER 10, 2020

US-based supplier of video delivery software solutions, SeaChange International, revealed that a ransomware attack disrupted its operations in Q1 2020. SeaChange International, a US-based supplier of video delivery software solutions, revealed that a ransomware attack has disrupted its operations during the first quarter of 2020.

Ransomware 69

Ransomware Data breaches Insurance Encryption 69