Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity 72

Cybersecurity IT Compliance Financial Services 72

Security Affairs

APRIL 16, 2023

The recent campaign exclusively aims at organizations that deal with tax preparation, financial services, CPA and accounting firms, and professional service firms dealing in bookkeeping and tax. Crooks use lures masquerading as tax documentation sent by a client. LNK) files.

Phishing 90

Phishing Financial Services Education Cybersecurity 90

Security Affairs

APRIL 6, 2023

Financial services are the main target for cybercriminals, so the threat for the organizations and their customers is severe. The leak also affected Bloom Money and Admiral Money – two financial companies based in the UK, and Reed, which is the UK’s top recruitment agency. env) belonging to idkit.com, owned by OCR Labs.

IT 86

IT Financial Services Access Risk 86

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Like an incident response plan, MFA has become a critical element of cybersecurity programs. The post U.S.

Cybersecurity 157

Cybersecurity Financial Services Authentication Government 157

Thales Cloud Protection & Licensing

APRIL 29, 2024

This blog will briefly overview the most essential developments shaping the legislative and compliance environment. NIS2 (Network and Information Security Directive) The updated NIS Directive significantly expands the scope and rigor of cybersecurity requirements across the European Union.

Compliance 71

Compliance Cybersecurity Risk Manufacturing 71

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity 68

Cybersecurity Financial Services Risk Compliance 68

Security Affairs

APRIL 20, 2023

If malicious actors accessed the exposed data, the company could have faced devastating consequences and put their clients at risk, as financial services are the main target for cybercriminals. million files belonging to ICICI Bank.

Personal data 97

Personal data Phishing Risk Financial Services 97

IT Governance

NOVEMBER 23, 2023

Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services. In turn, financial institutions heavily depend on ICT to be able to provide those services to begin with. That really shouldn’t surprise us – these are lucrative targets for cyber criminals.

Risk 104

Risk Data breaches Authentication Financial Services 104

Data Matters

MARCH 12, 2019

The Safeguards Rule specifies that financial institutions subject to the FTC’s jurisdiction must develop, implement, and maintain a comprehensive information security program for handling customer data. Aligning the Safeguards Rule with State Regimes.

Privacy 68

Privacy IT Information Security Insurance 68

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services 52

Financial Services Communications Compliance Risk 52

Security Affairs

MAY 10, 2022

Resecurity® is an Affiliate Member of FS-ISAC and an Official Member of Infragard which aim to combat cybercriminal activity targeting financial services and Internet users globally. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link]. To nominate, please visit:? Pierluigi Paganini.

Phishing 73

Phishing Retail Financial Services Data breaches 73

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity 68

Cybersecurity Insurance Risk Compliance 68

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Many articles and blogs portray the adequacy decision as finally allowing free personal data flow between the EU and US companies, without the implementation of additional data protection safeguards. Other regulations than the DPF may also require supplementary measures be taken to protect the privacy and integrity of sensitive data.

Data Privacy 83

Data Privacy Personal data Privacy Cloud 83

IBM Big Data Hub

JANUARY 10, 2024

This is designed to enable multiple use cases in the healthcare industry, one being secure multi-party collaboration between different institutions as shown in the following example. The industry demands a secure infrastructure that can protect sensitive financial information, prevent fraud and ensure regulatory compliance.

Security 78

Security Cloud Data Privacy Financial Services 78

Security Affairs

JUNE 9, 2019

The group of security researchers NightSt0rm published technical details about the vulnerability in a blog post on Medium. The experts explained that had access to an ATM of Diebold vendor and started analyzing the machine a simple PC running Windows OS and exposing some services implemented by the ATM provider.

Libraries 92

Libraries Communications Financial Services Risk 92

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. February 15 deadline looms for first DFS Cybersecurity Certification.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

Security Affairs

OCTOBER 12, 2020

The information gathered by the security firm was used by Microsoft to receive a warrant to takedown the TrickBot servers. In this blog, we detail the evolution of Trickbot, associated tactics, recent campaigns, and dive into the anatomy of a specific attack. ” reads the post published by Microsoft.

Security 97

Security Financial Services Ransomware Access 97

Security Affairs

MAY 24, 2023

Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.” ” We are in the final!

Government 82

Government Military Financial Services IT 82

Security Affairs

MAY 15, 2019

Five Security Notes included in SAP Security Patch Day for May 2019 addressed missing authorization checks in SAP products, including Treasury and Risk Management, Solution Manager and ABAP managed systems, dbpool administration, and Enterprise Financial Services. .

Security 68

Security Financial Services Risk IT 68

Data Matters

NOVEMBER 13, 2017

Its new Principles reflect its view of the positive potential for new data aggregation services while emphasizing the need to develop a workable industry model that addresses consumer privacy, limits data security risks, promotes transparency and consumer choice and protects the accuracy of financial data. The post U.S.

Financial Services 60

Financial Services Privacy Access Marketing 60

Security Affairs

JULY 30, 2019

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. In that case, the malware was relying on the XFS (EXtension for Financial Service) API to “ jackpot ” the infected machine. Security Affairs – Java ATM malware, hacking).

Financial Services 91

Financial Services Communications Access IT 91

Data Matters

JANUARY 25, 2018

United Shore Financial Services, LLC , the plaintiff filed a putative class action against United Shore Financial Services (United Shore) and Xerox Mortgage Services, Inc. XMS) over alleged intrusions into XMS’s systems on which United Shore had stored potential borrowers’ personal information.

Data breaches 60

Data breaches Communications Financial Services Privacy 60

Data Matters

OCTOBER 8, 2020

financial institutions or firms that perform “critical financial services.”. 2 Citing the Federal Bureau of Investigation (FBI), OFAC reports that between 2018 and 2019, there was a 37% increase in reported ransomware cases with a 147% increase in ransomware-related financial losses. 1, 2020, [link].

Ransomware 68

Ransomware Compliance Risk Government 68

Data Matters

FEBRUARY 28, 2019

The post FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings appeared first on Data Matters Privacy Blog. For one, many had defined the threat landscape too narrowly. A full copy of the FCA report can be found here.

Cybersecurity 68

Cybersecurity Risk Marketing Financial Services 68

Data Matters

AUGUST 5, 2019

Furthermore, although entities that already comply with the breach notification requirements under certain state or federal laws (such as the Health Insurance Portability and Accountability Act (HIPAA), the New York Department of Financial Services cybersecurity regulations (23 N.Y.C.R.R.

Cybersecurity 68

Cybersecurity Data breaches Privacy Risk 68

CGI

OCTOBER 25, 2015

All of this leads one to ask: In the midst of these heightened risks, increasing regulations and digital innovation, whose role is it to make sure that financial and personal data is kept safe? The answer is easy—all key players in the finance sector, including consumers, financial services providers and systems integrators.

IT 40

IT Security Digital transformation Compliance 40

Data Matters

FEBRUARY 25, 2021

Brexit triggered a significant onshoring of legislation to ensure that the UK continued to have a functioning financial services regulatory regime. The post UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services appeared first on Data Matters Privacy Blog.

Authentication 68

Authentication Paper Risk Insurance 68

Hunton Privacy

OCTOBER 17, 2012

For instance, health care regulatory authorities may decide to enact their own industry-specific regulation requiring that personal health information be subject to additional safeguards and treated as “sensitive personal information.” In addition, the bill does not impose a generally applicable data breach notification requirement.

Personal data 45

Personal data Financial Services Data Privacy Data breaches 45

Data Matters

JANUARY 2, 2018

In 2017, the New York Department of Financial Services finalized some of the most stringent, and certainly some of the more complex, cybersecurity rules in the country. The post Privacy and Cybersecurity Top 10 for 2018 appeared first on Data Matters Privacy Blog.

Cybersecurity 68

Cybersecurity Privacy Data breaches GDPR 68

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks.

Financial Services 85

Financial Services Security Cybersecurity IT 85

Data Matters

AUGUST 17, 2021

The Guidance is not intended to serve as a comprehensive framework but rather provides financial institutions with examples of effective risk management practices without endorsing any specific information security framework or standard. 1 The Federal Financial Institutions Examination Council is a U.S.

Authentication 88

Authentication Access Risk Financial Services 88

IT Governance

JULY 13, 2018

The Bank of England, the PRA (Prudential Regulation Authority) and the FCA (Financial Conduct Authority) have asked the UK’s banks and financial services firms to report on their exposure to operational risks, such as cyber attacks, and explain how they would respond to system failures, such as those recently faced by Visa and TSB.

Marketing 66

Marketing Business Services Data breaches Paper 66

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. The detailed technical analysis of PerSwaysion operations and attack scheme is available in Group-IB’s blog post.

Phishing 95

Phishing Cloud Financial Services Authentication 95

IT Governance

MARCH 11, 2024

Other news ISO/IEC 27006:2024 published ISO (the International Organization for Standardization) and the IEC (International electrotechnical Commission) have published a new standard in the ISO 27000 information security series.

Data Privacy 87

Data Privacy Privacy Security Data breaches 87

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk.

Cybersecurity 60

Cybersecurity Risk Passwords Authentication 60

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. Blog post with links: [link] [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore. Yup – shoe store.

Phishing 80

Phishing File names Security awareness Risk 80

Thales Cloud Protection & Licensing

DECEMBER 23, 2019

Banking, financial services, media, insurance, and e-commerce companies have the lead in transformational initiatives in India. While digital transformation is driving benefits to companies and their customers alike, it also introduces new challenges for information security professionals.

Digital transformation 15

Digital transformation Cloud Encryption Data Privacy 15