2017, Financial Services and IT - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Hunton Privacy

JANUARY 24, 2018

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018.

Financial Services

Financial Services Cybersecurity Compliance Insurance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. The post New York Department of Financial Services Issues First Guidance by a U.S. Issuance of the Framework is notable as it represents the first official guidance by a U.S. Evaluate Systemic Risk. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

A cyber attack hit Nissan Oceania

Security Affairs

DECEMBER 7, 2023

“The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. In December 2017, Nissan Finance Canada was hacked , personal information of 1.13 ” reads the statement published by the company on its website. .”

Financial Services

Financial Services Data breaches Ransomware Access

My (somewhat unreliable) data protection predictions for 2017

Data Protector

DECEMBER 31, 2016

I’ve recently had a quiet year on the blogging front – my professional duties have prevented me from playing a more active role on the Internet during this year than I would have liked, but that is set to change in 2017. They're not definitive statements of the law that must be ruthlessly adhered to. Thats is it for this year’s predictions.

GDPR

GDPR Communications Financial Services Education

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

JULY 1, 2021

Financial services giant Intuit this week informed 1.4 Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Financial Services

Financial Services Government Authentication IT

US banks Q3 results shine light on financial services innovation

Info Source

OCTOBER 12, 2018

percent year on year, from $499 billion in 2017 according to Gartner. For example, ChatBot technology is becoming particularly popular in banking for customer service, by cutting down handling times and accelerating payments processing, enabling better customer interaction by eliminating errors and increasing efficiency.

Financial Services

Financial Services Customer Experience Retail Insurance

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. In December 2017, Nissan Finance Canada was hacked , personal information of 1.13 reads the statement published by the company on its website.

Data breaches

Data breaches Financial Services Ransomware Government

Laserfiche Wins Gold in Best in Biz Awards 2017

Info Source

DECEMBER 5, 2017

With customers in nearly every industry including government, education, financial services, manufacturing and health care, Laserfiche offers solutions tailored to organizations’ needs, and the expertise and personalized service that drive customer success. and Canada.

ECM

ECM Education Financial Services Manufacturing

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

The rules would ensure people can obtain their own financial data at no cost, control who it’s shared with and choose who they do business with in the financial industry. The best way for financial services firms to meet the CFPB’s rules would be to apply the decoupling principle broadly.

Financial Services

Financial Services Privacy Personal data Marketing

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

JANUARY 13, 2019

FlawedGrace is a full-featured RAT that we first observed in November 2017.” ” The TA505 group was first spotted by Proofpoint back 2017, it has been active at least since 2015 and targets organizations in financial and retail industries. ” reads the analysis published by Proofpoint. The support for “.bit”

IT

IT Financial Services Retail Ransomware

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

IBM Big Data Hub

AUGUST 1, 2023

Dizzion, an innovator in the Managed Desktop as a Service (DaaS) industry, hosts its managed desktop offering on IBM Cloud to help enterprises manage their workforce. With its decades-long history of delivering electronic design innovation and offering hosted design services, Cadence Design Systems, Inc.

Financial Services

Financial Services Computer and Electronics Cloud Digital transformation

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. Or how about not learning of the fraudulent loan until it gets handed off to collection agents? Jim says MSF assured him it would, and the loan was never issued. Then on Nov. Then on Nov.

Financial Services

Financial Services IT Data breaches Authentication

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5 The NYDFS’s consent order notes that EyeMed’s failure to comply with the Cybersecurity Regulation left EyeMed vulnerable to threat actors.

Cybersecurity

Cybersecurity Financial Services Risk Phishing

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

Hunton Privacy

SEPTEMBER 1, 2021

34-92806 ; and In the Matter of KMS Financial Services, Inc. , Release No. According to the SEC order against KMS Financial Services Inc., On August 30, 2021, the U.S. These failures led to email account takeovers that exposed personal information of thousands of customers at each firm. 34-92807 , August 30, 2021.

Cybersecurity

Cybersecurity Financial Services Cloud Access

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

“This activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts. ” said National Cyber Security Centre spokesman.

IT

IT Authentication Financial Services Access

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

The experts were able to enumerate the C2s and targets of multiple distinct Chaos clusters, some of which were employed in recent DDoS attacks against the gaming, financial services and technology, and media and entertainment industries. .” reads the analysis published by Lumen Technologies. ” continues the report.

Mining

Mining Financial Services IT Security

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. There are several areas that the international financial services regulatory community is engaged in that touch on third party personal data relationships.

Financial Services

Financial Services Digital transformation Personal data Compliance

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

The sanctioned entities are Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and Investment Advisers), Cambridge Investment Research (Investment Research and Investment Research Advisors), and KMS Financial Services. ” Follow me on Twitter: @securityaffairs and Facebook.

Financial Services

Financial Services Cybersecurity Cloud Security

BELGIUM: Belgian DPA provides first status update after six months of GDPR

DLA Piper Privacy Matters

NOVEMBER 26, 2018

The top five industry sectors notifying data breaches are: 1) health care, 2) insurance, 3) public administrations and defense, 4) telecoms and 5) financial services. In six months only, the DPA received: 3599 information requests (compared to 2145 information requests in 2017). The other released figures are also remarkable.

GDPR

GDPR Data breaches Financial Services Insurance

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes. In fact, ransomware-as-a-service is alive and well, educating would-be offenders on how to undertake an attack and even offering customer support. Prevalence.

Ransomware

Ransomware Education Phishing Financial Services

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. NYDFS Cybersecurity Regulation. The second incident occurred in March of 2019.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

In Case You Missed It: Money 20/20 Conference Highlights

Thales Cloud Protection & Licensing

NOVEMBER 2, 2017

The conference features a variety of topics and sessions regarding all aspects of financial services, from cryptocurrency to banking. Three topics that piqued my interest at the 2017 show included authentication, blockchain and digital payments. Authentication. And as I mentioned earlier: user experience is driving business.

Blockchain

Blockchain IT Authentication e-Delivery

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components. ” reads the d escription provided by.

Financial Services

Financial Services Libraries Mining Retail

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In September 2017, then-SEC Chairman Jay Clayton issued a public statement that provided an overview of the SEC’s approach to cybersecurity and underscored it as a priority for the SEC. 20, 2017). SEC Statement and Guidance on Public Company Cybersecurity Disclosures. enable companies to identify cybersecurity risks and incidents.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. The 2017 bill, the first of its kind, will be fully implemented as of March 1st, 2019. Even though these regulations only apply to New York, financial institutions across the U.S.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

Understanding Blockchain and its Impact on Legal Technology, Part Two

eDiscovery Daily

FEBRUARY 26, 2019

Areas such as financial services, technology, manufacturing, pharmaceutical, and energy industries all needed systems with these two factors. , which we covered as part of a webcast on November 28 of last year. Tom’s overview is split into six parts, so we’ll cover each part separately. How Blockchain Works.

Blockchain

Blockchain IT Computer and Electronics Healthcare

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Ransomware

Ransomware Government Cybersecurity Blockchain

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

Nineteen percent of RIM programs report into IT (up from 15% in 2017), and 28% into legal (up from 18.5% in 2017), with the remainder reporting into senior administrative roles, compliance, corporate services, or finance teams. In 2017, only 25% of respondents reported they had re-organized their programs.

Content services

Content services Cloud Records Management Privacy

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

In the same vein, businesses at large can use the intelligence cycle as a model to detect and deter any attacks coming from foreign intelligence services. Per a 2017 CNN source , nearly 100,000 agents from as many as 80 nations operate within the United States with the intention of targeting businesses to gain access to key U.S.

Security

Security Financial Services Manufacturing Data collection

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

FEBRUARY 4, 2019

“This activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts. ” said National Cyber Security Centre spokesman.

IT

IT Authentication Financial Services Access

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. NYCRR 500.14(b):

Cybersecurity

Cybersecurity Risk Financial Services Insurance

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Data Protection Report

MAY 25, 2022

The decision has been labelled as a watershed decision in Australia – a ‘first of its kind’ case that puts financial services firms, and more broadly, corporate Australia, on notice that failures to adequately understand and manage cybersecurity and cyber resilience risks will no longer be tolerated by Australia’s regulatory agencies.

Cybersecurity

Cybersecurity Risk Financial Services Retail

Sophisticated cyber attacks are biggest technology concern in 2018

IT Governance

JANUARY 10, 2018

In December 2017 we reported that 33.8 million records had been leaked, and in November 2017 there were 59 million records leaked. According to a recent study from Invotra , the financial services industry and the public sector both fear sophisticated, harmful cyber threats in 2018. Growing concern about cyber attacks.

Customer Experience

Customer Experience Financial Services GDPR Phishing

New York Publishes FAQs and Key Dates for Cybersecurity Regulation

Hunton Privacy

APRIL 27, 2017

Earlier this month, the New York State Department of Financial Services (“NYDFS”) recently published FAQs and key dates for its cybersecurity regulation (the “NYDFS Regulation”) for financial institutions that became effective on March 1, 2017.

Cybersecurity

Cybersecurity Compliance Financial Services Insurance

CIPL Issues White Paper on the Regulatory Sandbox Following Joint Roundtable with the ICO

Hunton Privacy

MARCH 13, 2019

The concept was first developed by the UK’s Financial Conduct Authority to enable regulated companies to experiment and innovate in the financial services space but is starting to be utilized in the data protection sphere.

Paper

Paper Financial Services Personal data IT

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

defense contractors , financial services firms, and a national data center in Central Asia. If APT27 focuses on cyberespionage, Winnti is known for its financial motivation. ” The experts observed the APT group exploiting the Windows COM Elevation of Privilege Vulnerability tracked as CVE-2017-0213.

Ransomware

Ransomware Encryption Financial Services Cybersecurity

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Webinars

Trending Sources

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Webinars

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

A cyber attack hit Nissan Oceania

My (somewhat unreliable) data protection predictions for 2017

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

US banks Q3 results shine light on financial services innovation

Nissan Oceania data breach impacted roughly 100,000 people

Laserfiche Wins Gold in Best in Biz Awards 2017

CFPB’s Proposed Data Rules

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

Scary Fraud Ensues When ID Theft & Usury Collide

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Improve your data relationships with third parties

New York State Expected to Increase Enforcement of Cybersecurity Practices

SEC announces sanctions against entities over email account hacking

BELGIUM: Belgian DPA provides first status update after six months of GDPR

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

American Insurance firm State Farm victim of credential stuffing attacks

NYDFS settles cybersecurity regulation matter for $3 million

In Case You Missed It: Money 20/20 Conference Highlights

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

NYDFS settles cybersecurity regulation matter for $1.8 million

Oracle critical patch advisory addresses 284 flaws, 33 critical

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

NYDFS Cybersecurity Regulations: A glimpse into the future

Understanding Blockchain and its Impact on Legal Technology, Part Two

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

Metro Bank is the first bank that disclosed SS7 attacks against its customers

NYDFS Files First Cybersecurity Enforcement Action

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Sophisticated cyber attacks are biggest technology concern in 2018

Top 7 Data Governance Blog Posts of 2018

New York Publishes FAQs and Key Dates for Cybersecurity Regulation

CIPL Issues White Paper on the Regulatory Sandbox Following Joint Roundtable with the ICO

Experts linked ransomware attacks to China-linked APT27

Stay Connected