Blog, Data breaches and Financial Services - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Financial Services Data – More at risk than you’d believe

Thales Cloud Protection & Licensing

DECEMBER 5, 2018

One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate. Not only are breaches at record highs – with 65% of U.S. Does your organization need some of that?

Financial Services

Financial Services Risk Digital transformation Data breaches

List of data breaches and cyber attacks in September 2021 – 91 million records breached

IT Governance

SEPTEMBER 30, 2021

Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online (websiteplanet.com) (61,000,000). SANSA breach: International hacker group claims responsibility for Space Agency leak (thesouthafrican.com) (0). UN Computer Networks Breached by Hackers Earlier This Year (yahoo.com) (0).

Data breaches

Data breaches Ransomware Financial Services Privacy

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

TSYS provides payment processing services, merchant services and other payment solutions, including prepaid debit cards and payroll cards. In 2019, TSYS was acquired by financial services firm Global Payments Inc. NYSE:GPN ].

Ransomware

Ransomware Financial Services Access IT

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

JUNE 5, 2018

The post President Trump Signs Financial Services Regulatory Reform Legislation appeared first on Data Matters Privacy Blog. providing relief for many bank holding companies from stress testing requirements. easing capital and liquidity requirements and providing capital relief to community banks.

Financial Services

Financial Services Insurance Privacy Authentication

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

JULY 31, 2019

University of Alabama discovers 10-year-old account breach (1,400). Pennsylvania-based software firm and healthcare provider accuse each other of data theft (unknown). TX-based Wise Health reports data breach caused by phishing attack (35,899). Data breaches.

Data breaches

Data breaches Ransomware Personal data Government

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

1 Root Cause of Data Breaches Verizon's DBIR always has a lot of information to unpack, so I'll continue my review by covering how stolen credentials play a role in attacks. So, what does the report say about the most common threat actions that are involved in data breaches? Your employees are your last line of defense.

Data breaches

Data breaches Phishing Security awareness Ransomware

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Virtually every major financial institution, retailer, and scores of payment processors have been the victims of data breaches, incurring both financial and reputational damage. According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S.

Compliance

Compliance Financial Services Data breaches Encryption

Striking a balance between security and usability of sensitive data

OpenText Information Management

DECEMBER 4, 2019

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

Financial Services

Financial Services Data breaches Security Personal data

I've Just Added 2,844 New Data Breaches With 80M Records To Have I Been Pwned

Troy Hunt

FEBRUARY 26, 2018

tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. It's also interesting because among nearly 3k other breaches, the data contains Dropbox.

Data breaches

Data breaches Passwords Cleanup File names

3 keys to building a robust hybrid cloud risk strategy

IBM Big Data Hub

OCTOBER 23, 2023

The global average cost of a single data breach is USD 4.45 2] Adopting a hybrid cloud approach to risk mitigation can assure an enterprise’s IT and security leaders are able to keep sensitive data and workloads safe from cyberattacks that can occur anywhere, anytime. 2] Failure to act isn’t an option.

Cloud

Cloud Risk Compliance Data breaches

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Records breached: 79,582 Ontario hospitals update: information relating to 5.6 Records breached: 1.3 million individuals McLaren Health Care notifies nearly 2.2

Data Privacy

Data Privacy Privacy Security Data breaches

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

JANUARY 25, 2018

United Shore Financial Services, LLC , the plaintiff filed a putative class action against United Shore Financial Services (United Shore) and Xerox Mortgage Services, Inc. The post Protection of Privilege in the Aftermath of a Data Breach appeared first on Data Matters Privacy Blog.

Data breaches

Data breaches Communications Financial Services Privacy

Sidley Adds Partners Seale and Wilan to Growing Cybersecurity Practice

Data Matters

JUNE 29, 2022

She focuses her practice on cybersecurity issues, including crisis management, data breach response, internal investigations, regulatory compliance, and complex litigation. She advises clients in several industries, including financial services, hospitality, manufacturing, telecommunications, and energy.

Cybersecurity

Cybersecurity Data breaches Privacy Compliance

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: more than 59 million data records. BianLian claims to have exfiltrated 5 TB of data, comprising millions of sensitive documents. Akumin Inc.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Data Protection Report

JUNE 14, 2022

As privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. Legal Obligations. Procedural Considerations.

Privacy

Privacy Data breaches Compliance Financial Services

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

5,255,944,117 known records breached in 128 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy

Data Privacy Privacy Manufacturing Security

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

IBM Big Data Hub

DECEMBER 14, 2023

The stakes are especially high for organizations in highly regulated industries because they can be exploited through their digital supply chain, giving hackers access to consumers’ valuable and sensitive data. Consequently, these data breaches can rattle customer trust and the confidence of regulators. 

Cloud

Cloud Security Data breaches Cybersecurity

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

66,702,148 known records breached in 103 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: 6.9

Data Privacy

Data Privacy Privacy Security Data breaches

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

The public data set on the ICO (Information Commissioner’s Office) website shows that data security isn’t necessarily better for financial organisations. In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector. million (about £4.70

Risk

Risk Data breaches Authentication Financial Services

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. According to Buckley LLP , a financial services law firm based in Washington, D.C.,

Financial Services

Financial Services IT Data breaches Authentication

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data is no longer publicly available. Data breached: >223,000,000 records. Data breached: >7,000,000 records. Data breached: 5,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

In this blog, we look at the key issues that you will face. For example, financial services firms may be worried about employees breaching insider trading laws. Preventing data breaches. Protecting employees’ privacy.

Compliance

Compliance Data breaches Privacy Risk

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

Data leak affected QBANK, Defence Bank, Bloom Money, Admiral Money, MA Money, and Reed. Using leaked data, threat actors could potentially breach banks’ backend infrastructure and consequently the infrastructure of their clients. Cybernews contacted OCR Labs, and the company fixed the issue.

IT

IT Financial Services Access Risk

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

DECEMBER 7, 2017

This Report may significantly impact the evolution of state-law cybersecurity regulations for the financial services sector. policyholders should be able to expect the same level of protection of their personal data regardless of where they live.” The Report continued, “U.S. Report at 117. The Report continued, “U.S.

Insurance

Insurance Data breaches Security Cybersecurity

Keeping Up with New Data Protection Regulations

erwin

APRIL 11, 2019

In fact, organizations should expect increasing pressure on lawmakers to introduce new data protection regulations. A number of high-profile data breaches and scandals have increased public awareness of the issue. With these precautionary steps, organizations are primed to respond if a data breach occurs.

GDPR

GDPR e-Discovery Compliance Metadata

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data set is a collection of 1 billion credentials sourced from stealer logs and hosted on the illicit.services website. Data breached: 70,840,771 email addresses.

Data Privacy

Data Privacy Privacy Manufacturing Retail

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

Resecurity® is an Affiliate Member of FS-ISAC and an Official Member of Infragard which aim to combat cybercriminal activity targeting financial services and Internet users globally. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link]. To nominate, please visit:? Pierluigi Paganini.

Phishing

Phishing Retail Financial Services Data breaches

Why organizations need to prioritize a PQC-readiness lab

Thales Cloud Protection & Licensing

FEBRUARY 12, 2024

Otherwise, there is a very high risk of organizational wide downtime or data breaches. Moving beyond the theoretical and into the practical is where Thales and its partners are striving to help organizations navigate through this overhaul in cryptography, as discussed in another recent blog with IBM.

Artificial Intelligence

Artificial Intelligence Cloud Risk Digital transformation

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

During the recent investigation, the Cybernews research team discovered that the bank leaked the sensitive data due to the misconfiguration of their systems. million files belonging to ICICI Bank.

Personal data

Personal data Phishing Risk Financial Services

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

AUGUST 17, 2020

For some sectors, like finance, security and data protection are top of mind for everything that is done. Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. Patient data is highly sensitive and confidential. But what about healthcare?

Authentication

Authentication Financial Services Passwords Insurance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

However, a relentless barrage of data breaches, ransomware attacks, and sophisticated cyber threats steadily erodes this trust. This blog will briefly overview the most essential developments shaping the legislative and compliance environment.

Compliance

Compliance Cybersecurity Risk Manufacturing

Data Governance Tools: What Are They? Are They Optional?

erwin

NOVEMBER 14, 2019

Other highly regulated industries, like financial services, also face strict data privacy mandates, including those from the Basel Committee on Banking Supervision (BCBS) and the Financial Industry Regulatory Authority (FINRA). Data Governance Tools and Data Ethics.

Government

Government Data breaches Metadata GDPR

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

DECEMBER 11, 2018

As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program. To make a long story short – the top reason that they didn’t invest in data security was “lack of perceived need” at 52%. This had me asking a simple question – Why? Doing the math perhaps?

Retail

Retail Data breaches Encryption Mining

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year ago (see our blog post here ), but include some changes.

Cybersecurity

Cybersecurity Compliance Financial Services Government

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

402,437,094 known records breached in 240 publicly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

HL Chronicle of Data Protection

SEPTEMBER 12, 2018

The CCPA’s private right of action is limited to data breach violations. provide additional CCPA analyses and reports. The revised CCPA does not apply to the extent it infringes on the “noncommercial activities” of publishers, editors, and other like entities. Clarification of the scope of the private right of action.

Privacy

Privacy Compliance GDPR Data breaches

Consumer concerns over GDPR should set alarm bells ringing for businesses

Thales Cloud Protection & Licensing

NOVEMBER 16, 2017

Ahead of the May 2018 legislation, we’ve been asking organisations if they’re #FITforGDPR – whether they’re ready to improve their personal data protections, as well as take on the increased accountability for data breaches, should they occur. As expected, responses have been mixed. A role of responsibility.

GDPR

GDPR Retail Data breaches Financial Services

The aftermath of an incident – business considerations surrounding record-keeping

Data Protection Report

AUGUST 2, 2022

Organizations should also be aware of sector-specific statutory obligations which may apply to them, for example in health or financial services industries. In this post we discuss the operational advantages of a good privacy breach record-keeping program. Risk management and mitigation.

Compliance

Compliance Privacy Risk Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Financial Services Data – More at risk than you’d believe

Webinars

Trending Sources

List of data breaches and cyber attacks in September 2021 – 91 million records breached

Webinars

Summary – “Industry in One: Financial Services”

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Top 7 Data Governance Blog Posts of 2018

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

President Trump Signs Financial Services Regulatory Reform Legislation

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

The Clock is Ticking for PCI DSS 4.0 Compliance

Striking a balance between security and usability of sensitive data

I've Just Added 2,844 New Data Breaches With 80M Records To Have I Been Pwned

3 keys to building a robust hybrid cloud risk strategy

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Protection of Privilege in the Aftermath of a Data Breach

Sidley Adds Partners Seale and Wilan to Growing Cybersecurity Practice

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Delivering security and scalability in today’s business landscape requires more than setting up a front line of defense

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Risk Management under the DORA Regulation

Scary Fraud Ensues When ID Theft & Usury Collide

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

The compliance challenges of hybrid working

OCR Labs exposes its systems, jeopardizing major banking clients

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Keeping Up with New Data Protection Regulations

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Why organizations need to prioritize a PQC-readiness lab

Multinational ICICI Bank leaks passports and credit card numbers

How Multi-factor Authentication Can Benefit Your Industry

The Privacy Officers’ New Year’s Resolutions

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Data Governance Tools: What Are They? Are They Optional?

It’s time to think twice about retail loyalty programs

NYDFS finalizes cybersecurity rule amendments

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

The Privacy Officers’ New Year’s Resolutions

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

Consumer concerns over GDPR should set alarm bells ringing for businesses

The aftermath of an incident – business considerations surrounding record-keeping

Stay Connected