Financial Services, Information Security and Insurance

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data.

Financial Services

Financial Services Data breaches Ransomware Insurance

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

NOVEMBER 17, 2023

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unauthorized activity on systems in a limited number of its locations. The company has yet to disclose a data breach.

Financial Services

Financial Services Ransomware Data breaches Insurance

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

Webinars

How to Achieve High-Accuracy Results When Using LLMs

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Affairs

NOVEMBER 20, 2021

Major cybersecurity incidents are attacks that impact operations of the victims or the stability of the US financial sector. The rule was approved by the Federal Reserve, Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency. The rule aims at forcing banks to quickly respond to cybersecurity incidents.

Cybersecurity

Cybersecurity Financial Services Insurance Ransomware

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 Title insurance protects homebuyers from the prospect of someone contesting their legitimacy as the new homeowner. Title insurance is not mandated by law, but most lenders require it as part of any mortgage transaction.

Insurance

Insurance Risk Financial Services Mining

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

Security Affairs

AUGUST 20, 2024

In December 2023, Toyota Financial Services (TFS) warned customers it had suffered a data breach that exposed sensitive personal and financial data. Toyota Financial Services (TFS) is the finance arm of the Toyota Motor Corporation.

Data breaches

Data breaches Financial Services Archiving Passwords

A massive DDoS attack took down the site of the German financial agency BaFin

Security Affairs

SEPTEMBER 4, 2023

The German Federal Financial Supervisory Authority (BaFin) is the national financial regulator in Germany, it is a federal agency under the jurisdiction of the Federal Ministry of Finance. The BaFin is responsible for overseeing banks, insurance companies, investment firms, and other financial institutions.

Financial Services

Financial Services Military Insurance Marketing

Ransomware infected systems at Xchanging, a DXC subsidiary

Security Affairs

JULY 6, 2020

Xchanging is a business process and technology services provider and integrator, which provides technology-enabled business services to the commercial insurance industry. Xchanging is primarily an insurance managed services business that operates on a standalone basis.”

Ransomware

Ransomware Insurance Financial Services Manufacturing

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. On May 27, 2022, Vermont Governor Phil Scott signed H.515

Insurance

Insurance Security Information Security Cybersecurity

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

Security Affairs

JANUARY 17, 2022

.” The CPU will address critical vulnerabilities in Oracle Essbase, Graph Server and Client, Secure Backup, Communications Applications, Communications, Construction and Engineering, Enterprise Manager, Financial Services Applications, Fusion Middleware, Insurance Applications, PeopleSoft, Support Tools, and Utilities Applications.

Communications

Communications Financial Services Big data Retail

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Insurers should: Establish a Formal Cyber Insurance Risk Strategy.

Insurance

Insurance Financial Services Cybersecurity Risk

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

.” PIONEER KITTEN hackers to date have focused their attacks against entities in North American and Israeli, while targeted sectors include technology, government, defense, healthcare, aviation, media, academic, engineering, consulting and professional services, chemical, manufacturing, financial services, insurance, and retail. .

Access

Access Financial Services Retail Insurance

Infosys McCamish Systems data breach impacted over 6 million people

Security Affairs

JUNE 29, 2024

IMS specializes in providing business process outsourcing (BPO) and information technology (IT) services specifically tailored for the insurance and financial services industries. In this notice, Infosys McCamish explains that customers of Oceanview Life & Annuity Company were among those affected.

Data breaches

Data breaches e-Discovery Ransomware Insurance

Simplifying Compliance in the Complex U.S. FinServ Regulatory Landscape

Thales Cloud Protection & Licensing

JANUARY 16, 2025

However, as important as PCI may be, United States financial services organizations operate in one of the worlds most stringent and complex compliance landscapes. Understanding the US FinServ Compliance Landscape The US financial services industry is subject to a vast number of laws and regulations.

Compliance

Compliance Financial Services Encryption Insurance

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

“Consider contacting CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. Once you’ve registered, you should be aware that CIFAS members will do extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.”

Ransomware

Ransomware Data breaches Encryption Financial Services

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” Experts warn that the Energy sector was a major focus of this campaign, followed by manufacturing, and insurance. ” continues the report.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

If malicious actors accessed the exposed data, the company could have faced devastating consequences and put their clients at risk, as financial services are the main target for cybercriminals. ICICI Bank’s response Threat to financial accounts Finance and insurance are one of the most targeted industries by cybercriminals.

Personal data

Personal data Phishing Risk Communications

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

Its customer base is comprised of eight of the top 15 banks, four of the top six healthcare insurance and managed care providers, nine of the top 15 property and casualty insurance providers, five of the top 13 pharmaceutical companies, and 11 of the largest 15 federal agencies. Compliance matters.

Digital transformation

Digital transformation Insurance Compliance Healthcare

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Healthcare Data Privacy Laws.

Data Privacy

Data Privacy Compliance Privacy Security

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Information Security

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity

Cybersecurity Financial Services Authentication Government

2024 Cybersecurity Laws & Regulations

eSecurity Planet

SEPTEMBER 21, 2024

Each of these regulations addresses different aspects of cybersecurity and data protection, making it essential for businesses and organizations to stay informed and proactive. The act also requires institutions to allow customers to opt out of having their information shared with non-affiliated third parties.

Cybersecurity

Cybersecurity Computer and Electronics Compliance Privacy

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

Researchers shared the lists of victims of SolarWinds hack

Security Affairs

DECEMBER 22, 2020

Mediatek NetBios HTTP Backdoor 2020-08-26 Aeria NetBios HTTP Backdoor 2020-06-26 Ameri NetBios HTTP Backdoor 2020-08-02 ank.com Ankcom Communications NetBios HTTP Backdoor 2020-06-06 azlcyy NetBios HTTP Backdoor 2020-08-07 banccentral.com BancCentral Financial Services Corp. NetBios HTTP Backdoor 2020-07-03 barrie.ca

Communications

Communications Manufacturing Financial Services Security

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

In total, information for approximately 2.1 According to the settlement agreement, these statements and the security practices described above violated New York’s laws on deceptive practices and the SHIELD Act. EyeMed notified affected individuals and offered credit monitoring, fraud consultation, identity theft restoration.

Passwords

Passwords Financial Services Authentication Insurance

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

This was because, as the complexity of business networks continued to intensify, so did the challenges of meeting data handling requirements under the Payment Card Industry Data Security Standard, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, and the Federal Information Security Management Act.

Access

Access Government Authentication Data breaches

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

New York hospitals have new cybersecurity requirements

Data Protection Report

OCTOBER 23, 2024

The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation.

Cybersecurity

Cybersecurity Risk Access Financial Services

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity Compliance IT Financial Services

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

The Guidance is not intended to serve as a comprehensive framework but rather provides financial institutions with examples of effective risk management practices without endorsing any specific information security framework or standard. 1 The Federal Financial Institutions Examination Council is a U.S.

Authentication

Authentication Access Risk Information Security

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

The Safeguards Rule specifies that financial institutions subject to the FTC’s jurisdiction must develop, implement, and maintain a comprehensive information security program for handling customer data. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

Hunton Privacy

SEPTEMBER 15, 2016

The proposed regulation requires regulated financial institutions to take various actions, including: adopting a written cybersecurity policy; establishing a cybersecurity program; designating a Chief Information Security Officer to oversee and enforce its new program and policy; and.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

New York Banking Regulator Announces New Cybersecurity Assessment Process

Hunton Privacy

DECEMBER 11, 2014

On December 10, 2014, the New York State Department of Financial Services (the “Department”) announced that it issued an industry guidance letter to all Department-regulated banking institutions that formally introduces the Department’s new cybersecurity preparedness assessment process.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Hunton Privacy

JULY 22, 2009

The UK Financial Services Authority (FSA) has announced today fines for three HSBC entities totaling £3 million for failing to have adequate systems and controls in place to protect their customers’ confidential data. The fine is the highest to date in the UK and reflects a 30% discount for cooperating with the FSA.

Security

Security Insurance Data breaches Personal data

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

Almost half of the broker-dealers (47%) reportedly participate in information sharing organizations such as the Financial Services Information Sharing and Analysis Center. A majority of examined firms broker-dealers (93%) and advisers (79%) reported that they conduct cybersecurity risk assessments on periodic basis.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

February 15 deadline looms for first DFS Cybersecurity Certification

Data Protection Report

FEBRUARY 8, 2018

February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date.

Cybersecurity

Cybersecurity Financial Services Compliance Insurance

India’s Digital Future Is Bright

Thales Cloud Protection & Licensing

DECEMBER 23, 2019

Banking, financial services, media, insurance, and e-commerce companies have the lead in transformational initiatives in India. While digital transformation is driving benefits to companies and their customers alike, it also introduces new challenges for information security professionals.

Digital transformation

Digital transformation Cloud Encryption Data Privacy

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C. Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc.

Data Privacy

Data Privacy Privacy Security Data breaches

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020.

Cybersecurity

Cybersecurity Personal data Risk Access

Toyota Financial Services discloses a data breach

Medusa ransomware gang claims the hack of Toyota Financial Services

Webinars

Trending Sources

American Insurance firm State Farm victim of credential stuffing attacks

Webinars

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

First American Financial Pays Farcical $500K Fine

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

A massive DDoS attack took down the site of the German financial agency BaFin

Ransomware infected systems at Xchanging, a DXC subsidiary

Vermont Enacts Insurance Data Security Law

Oracle Critical Patch Update for January 2022 will fix 483 new flaws

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Infosys McCamish Systems data breach impacted over 6 million people

Simplifying Compliance in the Complex U.S. FinServ Regulatory Landscape

Maze ransomware gang discloses data from drug testing firm HMR

A massive phishing campaign using QR codes targets the energy sector

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Multinational ICICI Bank leaks passports and credit card numbers

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

Security Compliance & Data Privacy Regulations

New York State Expected to Increase Enforcement of Cybersecurity Practices

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

2024 Cybersecurity Laws & Regulations

NYDFS settles cybersecurity regulation matter for $1.8 million

Researchers shared the lists of victims of SolarWinds hack

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

NYDFS settles cybersecurity regulation matter for $3 million

New York SHIELD Act $600,000 settlement

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

New York hospitals have new cybersecurity requirements

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

New York Banking Regulator Announces New Cybersecurity Assessment Process

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

February 15 deadline looms for first DFS Cybersecurity Certification

India’s Digital Future Is Bright

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Transition period under New York Cybersecurity Regulation ends March 1, 2019

NYDFS settles with EyeMed for $4.5 million

Stay Connected