Blog, Data breaches and Financial Services - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Financial Services Data – More at risk than you’d believe

Thales Cloud Protection & Licensing

DECEMBER 5, 2018

One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate. Not only are breaches at record highs – with 65% of U.S. Does your organization need some of that?

Financial Services

Financial Services Risk Digital transformation Data breaches

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

TSYS provides payment processing services, merchant services and other payment solutions, including prepaid debit cards and payroll cards. In 2019, TSYS was acquired by financial services firm Global Payments Inc. NYSE:GPN ].

Ransomware

Ransomware Financial Services Access IT

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Virtually every major financial institution, retailer, and scores of payment processors have been the victims of data breaches, incurring both financial and reputational damage. According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S.

Compliance

Compliance Financial Services Data breaches Encryption

Striking a balance between security and usability of sensitive data

OpenText Information Management

DECEMBER 4, 2019

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

Financial Services

Financial Services Data breaches Security Personal data

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Records breached: 79,582 Ontario hospitals update: information relating to 5.6 Records breached: 1.3 million individuals McLaren Health Care notifies nearly 2.2

Data Privacy

Data Privacy Privacy Security Data breaches

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

JANUARY 25, 2018

United Shore Financial Services, LLC , the plaintiff filed a putative class action against United Shore Financial Services (United Shore) and Xerox Mortgage Services, Inc. The post Protection of Privilege in the Aftermath of a Data Breach appeared first on Data Matters Privacy Blog.

Data breaches

Data breaches Communications Financial Services Privacy

Sidley Adds Partners Seale and Wilan to Growing Cybersecurity Practice

Data Matters

JUNE 29, 2022

She focuses her practice on cybersecurity issues, including crisis management, data breach response, internal investigations, regulatory compliance, and complex litigation. She advises clients in several industries, including financial services, hospitality, manufacturing, telecommunications, and energy.

Cybersecurity

Cybersecurity Data breaches Privacy Compliance

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Data Protection Report

JUNE 14, 2022

As privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. Legal Obligations. Procedural Considerations.

Privacy

Privacy Data breaches Compliance Financial Services

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

IBM Big Data Hub

DECEMBER 14, 2023

The stakes are especially high for organizations in highly regulated industries because they can be exploited through their digital supply chain, giving hackers access to consumers’ valuable and sensitive data. Consequently, these data breaches can rattle customer trust and the confidence of regulators. 

Cloud

Cloud Security Data breaches Cybersecurity

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

The public data set on the ICO (Information Commissioner’s Office) website shows that data security isn’t necessarily better for financial organisations. In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector. million (about £4.70

Risk

Risk Data breaches Authentication Financial Services

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. According to Buckley LLP , a financial services law firm based in Washington, D.C.,

Financial Services

Financial Services IT Data breaches Authentication

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

In this blog, we look at the key issues that you will face. For example, financial services firms may be worried about employees breaching insider trading laws. Preventing data breaches. Protecting employees’ privacy.

Compliance

Compliance Data breaches Privacy Risk

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

Data leak affected QBANK, Defence Bank, Bloom Money, Admiral Money, MA Money, and Reed. Using leaked data, threat actors could potentially breach banks’ backend infrastructure and consequently the infrastructure of their clients. Cybernews contacted OCR Labs, and the company fixed the issue.

IT

IT Financial Services Access Risk

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

However, a relentless barrage of data breaches, ransomware attacks, and sophisticated cyber threats steadily erodes this trust. This blog will briefly overview the most essential developments shaping the legislative and compliance environment.

Why organizations need to prioritize a PQC-readiness lab

Thales Cloud Protection & Licensing

FEBRUARY 12, 2024

Otherwise, there is a very high risk of organizational wide downtime or data breaches. Moving beyond the theoretical and into the practical is where Thales and its partners are striving to help organizations navigate through this overhaul in cryptography, as discussed in another recent blog with IBM.

Artificial Intelligence

Artificial Intelligence Cloud Risk Digital transformation

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

Resecurity® is an Affiliate Member of FS-ISAC and an Official Member of Infragard which aim to combat cybercriminal activity targeting financial services and Internet users globally. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link]. To nominate, please visit:? Pierluigi Paganini.

Phishing

Phishing Retail Financial Services Data breaches

Keeping Up with New Data Protection Regulations

erwin

APRIL 11, 2019

In fact, organizations should expect increasing pressure on lawmakers to introduce new data protection regulations. A number of high-profile data breaches and scandals have increased public awareness of the issue. With these precautionary steps, organizations are primed to respond if a data breach occurs.

GDPR

GDPR e-Discovery Compliance Metadata

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

During the recent investigation, the Cybernews research team discovered that the bank leaked the sensitive data due to the misconfiguration of their systems. million files belonging to ICICI Bank.

Personal data

Personal data Phishing Risk Financial Services

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

For some sectors, like finance, security and data protection are top of mind for everything that is done. Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. Patient data is highly sensitive and confidential. But what about healthcare?

Authentication

Authentication Financial Services Passwords Insurance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

DECEMBER 11, 2018

As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program. To make a long story short – the top reason that they didn’t invest in data security was “lack of perceived need” at 52%. This had me asking a simple question – Why? Doing the math perhaps?

Retail

Retail Data breaches Encryption Mining

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

402,437,094 known records breached in 240 publicly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year ago (see our blog post here ), but include some changes.

Cybersecurity

Cybersecurity Compliance Financial Services Government

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Consumer concerns over GDPR should set alarm bells ringing for businesses

Thales Cloud Protection & Licensing

NOVEMBER 16, 2017

Ahead of the May 2018 legislation, we’ve been asking organisations if they’re #FITforGDPR – whether they’re ready to improve their personal data protections, as well as take on the increased accountability for data breaches, should they occur. As expected, responses have been mixed. A role of responsibility.

GDPR

GDPR Retail Data breaches Financial Services

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

The aftermath of an incident – business considerations surrounding record-keeping

Data Protection Report

AUGUST 2, 2022

Organizations should also be aware of sector-specific statutory obligations which may apply to them, for example in health or financial services industries. In this post we discuss the operational advantages of a good privacy breach record-keeping program. Risk management and mitigation.

Compliance

Compliance Privacy Risk Financial Services

Unlocking value: Top digital transformation trends

IBM Big Data Hub

JANUARY 15, 2024

They diverted money and resources to establish powerful tele-health services like video conferencing and enhance patient access to health records. But doing so required a significant investment in data protection and cybersecurity enhancements as a data breach containing sensitive medical information could be catastrophic.

Digital transformation

Digital transformation Customer Experience Artificial Intelligence IoT

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. Data breach litigation risks. Federal Data Breach Legislation.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

How Jamworks protects confidentiality while integrating AI advantages

IBM Big Data Hub

JANUARY 12, 2024

Confidential AI, enabled by confidential compute, offers innovative solutions to safeguard privacy, prevent data breaches and maintain compliance with regulatory requirements.

Cloud

Cloud Data Privacy Encryption Privacy

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies. The Identity Theft Prevention and Mitigation Services Act. codified at N.Y.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

This development indicates that sponsors and fiduciaries may soon be subject to focused scrutiny over their cybersecurity practices in DOL investigations and adds to the multiple existing sources of cybersecurity legal risk in the wake of data breaches or insufficient cybersecurity controls.

Cybersecurity

Cybersecurity Insurance Risk Compliance

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. February 15 deadline looms for first DFS Cybersecurity Certification.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

JULY 31, 2019

University of Alabama discovers 10-year-old account breach (1,400). Pennsylvania-based software firm and healthcare provider accuse each other of data theft (unknown). TX-based Wise Health reports data breach caused by phishing attack (35,899). Data breaches.

Data breaches

Data breaches Ransomware Personal data Government

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

Data Matters

NOVEMBER 13, 2017

Its new Principles reflect its view of the positive potential for new data aggregation services while emphasizing the need to develop a workable industry model that addresses consumer privacy, limits data security risks, promotes transparency and consumer choice and protects the accuracy of financial data.

Financial Services

Financial Services Privacy Access Marketing

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

HL Chronicle of Data Protection

DECEMBER 7, 2018

Determining whether information a financial institution processes is covered by the exemption or not can be challenging and is something that financial institutions will need to analyze for their operations. The legislature also clarified that the exemption does not apply to the data breach liability provisions of the CCPA.

Privacy

Privacy Financial Services Compliance Data breaches

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

We provide a brief overview of BDPA’s principles relating to the processing of personal data, requirements with respect to data subject rights, international transfers, and compliance. Companies in the financial services, technology, airline and hotel industries are among those that could face substantial compliance obligations.

Personal data

Personal data GDPR Data Privacy Privacy

Federal Agency Data is Under Siege

Thales Cloud Protection & Licensing

JULY 24, 2018

Question: Can you provide an overview of the 2018 Thales Data Threat Report, Federal Edition, and elaborate why it’s needed today more than ever? Our 2018 Thales Data Threat Report, Federal Edition , issued in conjunction with analyst firm 451 Research, polled U.S. Question: In a world where some 68 percent of U.S.

Encryption

Encryption Cloud Data breaches Government

Medical Records Storage and Physicians’ Responsibilities Upon Closing their Practice

Shoreline Records Management

AUGUST 21, 2023

With the advent of electronic health records (EHRs) and the increasing emphasis on data security and accessibility, the role of offsite medical records storage has become paramount, especially in the context of physicians’ responsibilities as they seek to close their practice.

Records Management

Records Management Paper Compliance Access

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

1 Root Cause of Data Breaches Verizon's DBIR always has a lot of information to unpack, so I'll continue my review by covering how stolen credentials play a role in attacks. So, what does the report say about the most common threat actions that are involved in data breaches? Your employees are your last line of defense.

Data breaches

Data breaches Phishing Security awareness Ransomware

FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings

Data Matters

FEBRUARY 28, 2019

The post FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings appeared first on Data Matters Privacy Blog. For one, many had defined the threat landscape too narrowly. A full copy of the FCA report can be found here.

Cybersecurity

Cybersecurity Risk Marketing Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Financial Services Data – More at risk than you’d believe

Webinars

Trending Sources

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

Top 7 Data Governance Blog Posts of 2018

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

The Clock is Ticking for PCI DSS 4.0 Compliance

Striking a balance between security and usability of sensitive data

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Protection of Privilege in the Aftermath of a Data Breach

Sidley Adds Partners Seale and Wilan to Growing Cybersecurity Practice

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

Risk Management under the DORA Regulation

Scary Fraud Ensues When ID Theft & Usury Collide

The compliance challenges of hybrid working

OCR Labs exposes its systems, jeopardizing major banking clients

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Why organizations need to prioritize a PQC-readiness lab

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Keeping Up with New Data Protection Regulations

Multinational ICICI Bank leaks passports and credit card numbers

How Multi-factor Authentication Can Benefit Your Industry

The Privacy Officers’ New Year’s Resolutions

It’s time to think twice about retail loyalty programs

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

NYDFS finalizes cybersecurity rule amendments

The Privacy Officers’ New Year’s Resolutions

Consumer concerns over GDPR should set alarm bells ringing for businesses

Summary – “Industry in One: Financial Services”

The aftermath of an incident – business considerations surrounding record-keeping

Unlocking value: Top digital transformation trends

Privacy and Cybersecurity Top 10 for 2018

How Jamworks protects confidentiality while integrating AI advantages

New York Enacts Stricter Data Cybersecurity Laws

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Transition period under New York Cybersecurity Regulation ends March 1, 2019

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Federal Agency Data is Under Siege

Medical Records Storage and Physicians’ Responsibilities Upon Closing their Practice

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings

Stay Connected