Data breaches, Financial Services and Insurance

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data.

Financial Services

Financial Services Data breaches Ransomware Insurance

New York Department of Financial Services Reaches $1 Million Dollar Settlement With First American Title Insurance in Data Breach Investigation

Hunton Privacy

DECEMBER 4, 2023

On November 28, 2023, the New York Department of Financial Services (“NYDFS”) announced that First American Title Insurance Company (“First American”), the second-largest title insurance company in the United States, would pay a $1 million penalty for violations of the NYDFS Cybersecurity Regulation in connection with a 2019 data breach.

Financial Services

Financial Services Insurance Data breaches Cybersecurity

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

NOVEMBER 17, 2023

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unauthorized activity on systems in a limited number of its locations. The company has yet to disclose a data breach.

Financial Services

Financial Services Ransomware Data breaches Insurance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

JUNE 5, 2018

The definition of “banking entity” now excludes insured depository institutions (and their parent companies and affiliates) if (i) the institution has less than $10 billion in total consolidated assets and (ii) the institution’s trading assets and liabilities are less than 5 percent of its total consolidated assets.

Financial Services

Financial Services Insurance Privacy Authentication

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

DECEMBER 7, 2017

Department of Treasury released a 176-page Report examining the current regulatory framework for asset management and insurance industries. This Report may significantly impact the evolution of state-law cybersecurity regulations for the financial services sector. 3, 2017), and makes recommendations to ensure alignment.

Insurance

Insurance Data breaches Security Cybersecurity

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2

Insurance

Insurance Financial Services Mining Access

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: more than 59 million data records. BianLian claims to have exfiltrated 5 TB of data, comprising millions of sensitive documents. Akumin Inc.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

5,255,944,117 known records breached in 128 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy

Data Privacy Privacy Manufacturing Security

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

On May 29, The New York Times reported that the inquiry by New York’s Department of Financial Services is likely to be followed by other investigations from regulators and law enforcement. No authentication was needed to access the digitized records. ”

Financial Services

Financial Services Insurance Sales Authentication

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Records breached: 79,582 Ontario hospitals update: information relating to 5.6 Records breached: 79,582 Ontario hospitals update: information relating to 5.6

Data Privacy

Data Privacy Privacy Security Data breaches

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

66,702,148 known records breached in 103 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: 6.9

Data Privacy

Data Privacy Privacy Security Data breaches

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading. Who “owns” a data breach?

Data breaches

Data breaches Cybersecurity Financial Services Risk

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data set is a collection of 1 billion credentials sourced from stealer logs and hosted on the illicit.services website. Data breached: 70,840,771 email addresses.

Data Privacy

Data Privacy Privacy Manufacturing Retail

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

1 Root Cause of Data Breaches Verizon's DBIR always has a lot of information to unpack, so I'll continue my review by covering how stolen credentials play a role in attacks. So, what does the report say about the most common threat actions that are involved in data breaches?

Data breaches

Data breaches Phishing Security awareness Ransomware

How Marriott Customers Can Protect Themselves From The Latest Breach

Adam Levin

APRIL 6, 2020

Marriott International announced a data breach that may have exposed the information of 5.2 This is the second major data breach that Marriott has experienced in recent years; in 2018, the company announced that the information of 327 million customers of subsidiary Starwoodhad been compromised in a similar incident. .

Data breaches

Data breaches Passwords Financial Services Insurance

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data is no longer publicly available. Data breached: >223,000,000 records. Data breached: >7,000,000 records. Data breached: 5,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Retail

Ransomware infected systems at Xchanging, a DXC subsidiary

Security Affairs

JULY 6, 2020

Xchanging is a business process and technology services provider and integrator, which provides technology-enabled business services to the commercial insurance industry. Xchanging is primarily an insurance managed services business that operates on a standalone basis.”

Ransomware

Ransomware Insurance Financial Services Manufacturing

BELGIUM: Belgian DPA provides first status update after six months of GDPR

DLA Piper Privacy Matters

NOVEMBER 26, 2018

Some interesting statistics relate to the number of data breach notifications and complaints received. since May 25th, the Belgian Data Protection Authority was notified of 317 data breaches (compared to last year when only 13 breaches were notified). In the six months ?since

GDPR

GDPR Data breaches Financial Services Insurance

Keeping Up with New Data Protection Regulations

erwin

APRIL 11, 2019

In fact, organizations should expect increasing pressure on lawmakers to introduce new data protection regulations. A number of high-profile data breaches and scandals have increased public awareness of the issue. For example, many retailers have robust, data-driven e-commerce operations that are international.

GDPR

GDPR e-Discovery Compliance Metadata

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

Striking a balance between security and usability of sensitive data

OpenText Information Management

DECEMBER 4, 2019

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

Financial Services

Financial Services Data breaches Security Personal data

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. Healthcare Data Privacy Laws. Health data and patient data in the U.S. In the U.S., for example, all 50 states (along with the District of Columbia, Puerto Rico, the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

DLA Piper Privacy Matters

FEBRUARY 28, 2022

Primary areas of focus for the DPC in 2021 included the safeguarding of children’s data protection rights, progressing ongoing large-scale inquires and prioritising responding to complaints which have raised issues of substance, with a data subject centric approach to resolution. Financial Services Sector Focus.

Financial Services

Financial Services Data breaches Personal data Compliance

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Late last year, Atrium Health disclosed it lost sensitive data for some 2.65 The culprit: lax practices of a third-party data and analytics contractor. Related: Atrium Health breach highlights third-party risks. There is impetus for change – beyond the fear of sustaining a major data breach.

Risk

Risk Financial Services Insurance Cybersecurity

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

402,437,094 known records breached in 240 publicly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Belgian DPA Publishes Post-GDPR Activity Review

Hunton Privacy

NOVEMBER 26, 2018

Since the GDPR took force, 317 data breaches were reported to the Belgian DPA. The majority of data breach notifications came from the following sectors: (i) health care, (ii) insurance, (iii) public institutions and defense, (iv) telecommunications and postal services, and (v) financial services.

GDPR

GDPR Data breaches Financial Services Insurance

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

The drug testing firm Hammersmith Medicines Research LTD (HMR), which performs live trials of Coronavirus vaccines, discloses a data breach. ” reads the data breach notification published by the company. The research firm revealed that many of the government IDs exposed in the data breach have since expired.

Ransomware

Ransomware Data breaches Encryption Financial Services

Federal Bank Regulators Require Notifications For Material Cybersecurity Incidents

Data Matters

NOVEMBER 22, 2021

The rule was jointly issued by the Board of Governors of the Federal Reserve (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), and the Office of the Comptroller of the Currency (“OCC”). The agencies note the increasing frequency and severity of cyberattacks on the financial services industry as a key motivator for the rule.

Cybersecurity

Cybersecurity Insurance Financial Services Marketing

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

For some sectors, like finance, security and data protection are top of mind for everything that is done. Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. Patient data is highly sensitive and confidential. But what about healthcare?

Authentication

Authentication Financial Services Passwords Insurance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

On January 24, 2022, the New York Attorney General (AG) announced a settlement with vision-benefits-provider EyeMed Vision Care, Inc., In total, information for approximately 2.1 EyeMed notified affected individuals and offered credit monitoring, fraud consultation, identity theft restoration. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

This development indicates that sponsors and fiduciaries may soon be subject to focused scrutiny over their cybersecurity practices in DOL investigations and adds to the multiple existing sources of cybersecurity legal risk in the wake of data breaches or insufficient cybersecurity controls.

Cybersecurity

Cybersecurity Insurance Risk Compliance

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

During the recent investigation, the Cybernews research team discovered that the bank leaked the sensitive data due to the misconfiguration of their systems. ICICI Bank’s response Threat to financial accounts Finance and insurance are one of the most targeted industries by cybercriminals.

Personal data

Personal data Phishing Risk Financial Services

New York Proposes First-in-the-Nation Cybersecurity Regulation for Financial Institutions

Privacy and Cybersecurity Law

SEPTEMBER 20, 2016

On September 13, 2016, the New York Department of Financial Services introduced a new rule that would require banks, insurance […].

Financial Services

Financial Services Insurance Cybersecurity Data breaches

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

If you prefer a more laid back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or subscribe to a credit and identity monitoring program, 3. There are places to check your credit score for free online, and most credit cards let you see your FICO score. Manage the damage.

Financial Services

Financial Services Encryption Passwords Communications

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. Data breach litigation risks. Federal Data Breach Legislation.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies. The Identity Theft Prevention and Mitigation Services Act. codified at N.Y.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

SEPTEMBER 5, 2019

Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises–oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and employers.

Mining

Mining Authentication Financial Services Privacy

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Toyota Financial Services discloses a data breach

New York Department of Financial Services Reaches $1 Million Dollar Settlement With First American Title Insurance in Data Breach Investigation

Webinars

Trending Sources

Medusa ransomware gang claims the hack of Toyota Financial Services

Webinars

American Insurance firm State Farm victim of credential stuffing attacks

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

President Trump Signs Financial Services Regulatory Reform Legislation

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

NY Charges First American Financial for Massive Data Leak

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

NY Investigates Exposure of 885 Million Mortgage Documents

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

US: Surviving the service provider data breach

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

How Marriott Customers Can Protect Themselves From The Latest Breach

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

Ransomware infected systems at Xchanging, a DXC subsidiary

BELGIUM: Belgian DPA provides first status update after six months of GDPR

Keeping Up with New Data Protection Regulations

New York State Expected to Increase Enforcement of Cybersecurity Practices

Striking a balance between security and usability of sensitive data

Security Compliance & Data Privacy Regulations

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Belgian DPA Publishes Post-GDPR Activity Review

Maze ransomware gang discloses data from drug testing firm HMR

Federal Bank Regulators Require Notifications For Material Cybersecurity Incidents

How Multi-factor Authentication Can Benefit Your Industry

New York SHIELD Act $600,000 settlement

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

NYDFS settles cybersecurity regulation matter for $3 million

Multinational ICICI Bank leaks passports and credit card numbers

New York Proposes First-in-the-Nation Cybersecurity Regulation for Financial Institutions

Marriott Breach: More than 500 Million Guest Affected

Privacy and Cybersecurity Top 10 for 2018

New York Enacts Stricter Data Cybersecurity Laws

NYDFS settles with EyeMed for $4.5 million

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Stay Connected