2018, Encryption, Financial Services and Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. But those aren’t the only laws or regulations that affect IT security teams.

Data Privacy

Data Privacy Compliance Privacy Security

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. It’s true that most financial services and big-name shopping websites have long ago moved to HTTPS.

Security

Security Encryption Authentication Financial Services

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

NYDFS conducted its first audit of GGT for the period of May 17, 2018 through March 31 2019. 2024 was not a happy new year for Genesis Global Trading, Inc. (“GGT”).

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

million Windows systems between 2018 and 2020. The software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.” million unique email addresses, NordLocker found, for an array of different apps and services. terabyte of stolen data. The database includes 6.6 million computers.

Computer and Electronics

Computer and Electronics Archiving Encryption Passwords

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

ForAllSecure

JANUARY 31, 2023

On October 3, 2022, the Federal Financial Institutions Examination Council's ( FFIEC ) updated its 2018 Cybersecurity Resource Guide for Financial Institutions. The guide also serves as an educational resource on the latest security technologies.

Cybersecurity

Cybersecurity IT Financial Services Risk

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Application Security (Section 500.08).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. NYCRR 500.14(b):

Cybersecurity

Cybersecurity Risk Financial Services Insurance

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Application Security (Section 500.08).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

As of Tuesday, September 4, 2018, covered entities are required to be in compliance with additional requirements relating to: Audit Trail (Section 500.06); Application Security (Section 500.08); Limitations on Data Retention (Section 500.13); Monitoring of Authorized Users (Section 500.14(a)); Application Security (Section 500.08).

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

AUGUST 30, 2018

22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions. 22-24, 2018. As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.” ” reads the data breach notification.

Data breaches

Data breaches IT Passwords Financial Services

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. All of your files are encrypted with RSA-2048 and AES-128 ciphers.” Attackers will inform the victim that their data is encrypted. IMPORTANT INFORMATION !!! Screenshot example.

Ransomware

Ransomware Encryption Insurance Cloud

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. defense contractors and financial services firms worldwide. The APT group has been active since at least 2010, the crew targeted U.S. Pierluigi Paganini.

Communications

Communications Financial Services Phishing Encryption

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

DECEMBER 11, 2018

What I’d originally planned to write about was a topic that directly applies – why retailers of all stripes are not investing in data security. To make a long story short – the top reason that they didn’t invest in data security was “lack of perceived need” at 52%. You should consider it too. It’s just a waiting game.

Retail

Retail Data breaches Encryption Mining

Federal Agency Data is Under Siege

Thales Cloud Protection & Licensing

JULY 24, 2018

With more than 65,000 employees in 56 countries, Thales is a global leader in technology solutions for the aerospace, transport, defence and security markets. Its unique capabilities include the design and deployment of equipment, systems and services to meet complex security requirements. But, that’s not the whole story.

Encryption

Encryption Cloud Data breaches Government

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. Payment is often demanded in bitcoin, and thus third-party services are often used to make such payments.

Ransomware

Ransomware Compliance Risk Government

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2018-L-11008, 2018 WL 4941760 (Ill. For example, Mondelez International Inc.

Insurance

Insurance Cybersecurity Risk Education

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.” (See According to its annual report , Equifax’s 2018 revenue was over $3 billion.) Thompson in connection with the incident.

Cloud

Cloud Data breaches Encryption Access

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy

Privacy Risk Cybersecurity Information Security

Sibos 2018 – a whirlwind tour of my week down under

CGI

DECEMBER 18, 2018

Sibos 2018 – a whirlwind tour of my week down under. Tue, 12/18/2018 - 04:55. One of the great things about Sibos as a conference is that they have a lot of non-financial services speakers, often bringing in leading academics to talk about their specialist areas.

Financial Services

Financial Services Encryption Marketing GDPR

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Glosbe dictionary exposes almost 7 million records The multilingual online dictionary Glosbe left a MongoDB instance unsecured last year, exposing nearly 7 million users’ information, including personal data, encrypted passwords and social media identifiers. Glosbe did not reply, but the open instance was soon closed. UniCredit fined €2.8

Data Privacy

Data Privacy Privacy Security Data breaches

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

Digital sovereignty revolves around a value-driven, ordered, regulated and secure digital destination for all data, hardware and software, infrastructure components and application operations. Data sovereignty addresses legal, privacy, security and governance concerns associated with the storage, processing and transfer of data.

Cloud

Cloud Compliance Data Privacy Privacy

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

* This article first appeared in In-House Defense Quarterly on April 3, 2018. Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. Encrypting critical data assets. Creating an enterprise-wide governance structure.

Cybersecurity

Cybersecurity Risk Passwords Authentication

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Is there something more secure? Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.

Passwords

Passwords Authentication Access Data breaches

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

Two months later, on July 19, 2021, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and FBI assessed that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets. supply chain attacks).

Cybersecurity

Cybersecurity Government Authentication Ransomware

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Information Management Today

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Security Compliance & Data Privacy Regulations

Webinars

Trending Sources

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

Webinars

$8 million penalty to NYDFS – and another case of over-retention

Mysterious custom malware used to steal 1.2TB of data from million PCs

FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

NYDFS Files First Cybersecurity Enforcement Action

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Air Canada data breach – 20,000 users of its mobile app affected

Ransomware Protection in 2021

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

It’s time to think twice about retail loyalty programs

Federal Agency Data is Under Siege

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

Sibos 2018 – a whirlwind tour of my week down under

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Living in a data sovereign world

An Approach to Cybersecurity Risk Oversight for Corporate Directors

The Hacker Mind Podcast: Going Passwordless

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Top Cybersecurity Startups to Watch in 2022

Stay Connected