Data breaches, Definition and Financial Services

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading. Who “owns” a data breach?

Data breaches

Data breaches Cybersecurity Financial Services Risk

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. According to Buckley LLP , a financial services law firm based in Washington, D.C.,

Financial Services

Financial Services IT Data breaches Authentication

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. Thus, it can be difficult for even small enterprises to keep up with information security and data privacy compliance. In the U.S.,

Data Privacy

Data Privacy Compliance Privacy Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

The Many Challenges of a Multi-Cloud Business Environment

Thales Cloud Protection & Licensing

OCTOBER 27, 2021

At a global level, there's a broad acceptance that security teams are tightly involved with policy definition (82%), but an almost even split in relation to enforcement; 37% believe it is the security team’s responsibility while 45% believe that policy enforcement is up to the cloud provider.

Cloud

Cloud Encryption Financial Services Authentication

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The two definitions from Section 500.1 a)), this new term applies.

Cybersecurity

Cybersecurity Compliance Financial Services Government

FTC amendment to Safeguards Rule

Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. Why the FTC uses the terms “customers” and “consumers” interchangeably is unclear.

Encryption

Encryption Cybersecurity Data breaches Financial Services

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies. The Stop Hacks and Improve Electronic Data Security Act. codified at N.Y.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

The purpose of this article is to remove the fear and intimidation of domestic and global data protection laws and show how these laws and requirements are consistent with the existing objectives of your records retention schedule and information governance policy. Definition and Purpose of a Records Retention Schedule.

Personal data

Personal data GDPR Privacy Records Management

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

The forums won’t likely provide definitive answers, they will likely provide some of the best information available. Updating as needed additional categories of personal information to those enumerated in the bill in order to address changes in technology, data collection practices, obstacles to implementation, and privacy concerns.

Sales

Sales Privacy Data Privacy Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

HL Chronicle of Data Protection

DECEMBER 7, 2018

This blog post provides background on the scope of the exemption and an overview of key considerations for financial institutions developing CCPA compliance programs. The financial services industry is one of the most heavily regulated industries when it comes to protecting the privacy of personal information. Background.

Privacy

Privacy Financial Services Compliance Data breaches

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Readers may recall that New York’s security breach notification law (N.Y. Law § 899-aa) differs from most states’ law in several ways including (1) using separate definitions of “personal information” and “private information;” and (2) providing factors to consider whether personal information had been acquired. 1798.150.

Security

Security Financial Services Passwords Risk

Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

DLA Piper Privacy Matters

MARCH 3, 2023

The discussion paper, which acknowledges that the Australian Government was “ill-equipped” to respond to the large scale data breaches which occurred in 2022 (namely Medibank and Optus), emphasises the importance of protecting customer data and enduring that Australians can continue to access critical services in the event of a cyber-attack.

Data breaches

Data breaches Security Paper Financial Services

White House Releases Cybersecurity Legislative Proposal

Hunton Privacy

MAY 13, 2011

Data Breach Notification – These provisions would establish a national data breach reporting system. The heaviest impacts are likely to be felt by the financial services, energy and IT/communication sectors.

Cybersecurity

Cybersecurity Data breaches Information Security Financial Services

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

The earlier discussions focused on a general data protection law that would provide a commonly accepted paradigm for the protection of personal data, but would leave more detailed rulemaking to sector-specific efforts by industry regulatory agencies.

Personal data

Personal data Financial Services Data Privacy Data breaches

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

66,702,148 known records breached in 103 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: 6.9

Data Privacy

Data Privacy Privacy Security Data breaches

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

With that an attacker couldn't necessarily intercept the data, but they could query the peloton API to get user data that they weren't supposed to. In other words, Peloton suffered from an API vulnerability that could potentially lead to a massive data breach. Okay, that's starting to get very personal.

Authentication

Authentication Communications IoT Security

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

With that an attacker couldn't necessarily intercept the data, but they could query the peloton API to get user data that they weren't supposed to. In other words, Peloton suffered from an API vulnerability that could potentially lead to a massive data breach. Okay, that's starting to get very personal.

Authentication

Authentication Communications IoT Security

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data is no longer publicly available. Data breached: >223,000,000 records. Data breached: >7,000,000 records. Data breached: 5,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: more than 59 million data records. BianLian claims to have exfiltrated 5 TB of data, comprising millions of sensitive documents. Akumin Inc.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data set is a collection of 1 billion credentials sourced from stealer logs and hosted on the illicit.services website. Data breached: 70,840,771 email addresses.

Data Privacy

Data Privacy Privacy Manufacturing Retail

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Data Matters

DECEMBER 23, 2020

The topics on which input is specifically sought include the scope of the covered banking organizations, applicable definitions, standards for notice, method of notice to the regulatory agencies, timeframes for providing notice, and the impact of the proposed rule. Definition of Subject Entities: .

Security

Security Cybersecurity Insurance Communications

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

With more data than expected being written, the extra data can overflow into adjacent memory space triggering the buffer overflow. This is achieved thanks to the second bug, which results from a difference in the SMB protocol’s definition of two related sub commands: SMB_COM_TRANSACTION2 and SMB_COM_NT_TRANSACT.

Phishing

Phishing Ransomware Search queries Access

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

The reporting requirements will cover multiple sectors of the economy, including chemical industry entities, commercial facilities, communications sector entities, critical manufacturing, dams, financial services entities, food and agriculture sector entities, healthcare entities, information technology, energy, and transportation.

Ransomware

Ransomware Cybersecurity Agriculture Communications

CPRA Becomes the New Standard. Are You Ready?

Thales Cloud Protection & Licensing

NOVEMBER 30, 2020

Two aspects of this new law that are critical for enterprises doing business in California to understand now are: CPRA’s new definition of “Sensitive Personal Information” (SPI). The definition above is much more comprehensive and specific than those we’ve seen in other consumer privacy regulations. Safeguards children’s privacy.

Privacy

Privacy GDPR Compliance Data breaches

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

You might not think of it as a major aspect of security and yet, stolen credentials are really the key to data breaches today. That's quite a narrow definition. Moffatt: Oh, it's a really good one and you can ask 10 people and you'll easily get five different answers and you definitely get the two counts.

Passwords

Passwords Authentication Access Data breaches

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

HL Chronicle of Data Protection

SEPTEMBER 12, 2018

Revised definition of “personal information” The revised definition of “personal information” specifies that the data elements enumerated in the statute only qualify as personal information if they are linked or linkable to a consumer or household. provide additional CCPA analyses and reports.

Privacy

Privacy Compliance GDPR Data breaches

Congress Agrees – 72 Hour Cyber Incident Reporting Requirement to Take Effect

Data Protection Report

MARCH 16, 2022

Covered entities may operate in a number of critical infrastructure sectors, including energy, financial services, food and agriculture, healthcare, and information technology. The Act’s final rule will further refine and provide clarity as to which entities will fall under the Act’s definition of “covered entity.”.

Ransomware

Ransomware FOIA Agriculture Cybersecurity

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

5,255,944,117 known records breached in 128 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy

Data Privacy Privacy Manufacturing Security

Business Process Modeling Use Cases and Definition

erwin

MARCH 28, 2019

This also extends to industry-specific other compliance mandates such as those in healthcare, pharmaceutical and the financial services industries. The Regulatory Rationale for Integrating Data Management & Data Governance. The post Business Process Modeling Use Cases and Definition appeared first on erwin, Inc.

Digital transformation

Digital transformation Healthcare Compliance Financial Services

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

JUNE 5, 2018

The definition of “banking entity” now excludes insured depository institutions (and their parent companies and affiliates) if (i) the institution has less than $10 billion in total consolidated assets and (ii) the institution’s trading assets and liabilities are less than 5 percent of its total consolidated assets.

Financial Services

Financial Services Insurance Privacy Authentication

Debate Continues on the Future of US Privacy Regulation from California to Capitol Hill

Data Matters

DECEMBER 27, 2018

Given the involvement of the California plaintiff’s bar as a signatory to the letter, it is no surprise that the coalition also seeks to do away with existing limits on the availability of a private right of action (currently only available for data breaches) to allow consumers to sue for violations of any aspect of the law.

Privacy

Privacy Data Privacy Personal data Data breaches

Information Management Today

US: Surviving the service provider data breach

Scary Fraud Ensues When ID Theft & Usury Collide

Webinars

Trending Sources

Security Compliance & Data Privacy Regulations

Webinars

Top 7 Data Governance Blog Posts of 2018

The Many Challenges of a Multi-Cloud Business Environment

NYDFS finalizes cybersecurity rule amendments

FTC amendment to Safeguards Rule

New York Enacts Stricter Data Cybersecurity Laws

The Privacy Officers’ New Year’s Resolutions

The Impact of Data Protection Laws on Your Records Retention Schedule

Takeaways From CCPA Public Forums

The Privacy Officers’ New Year’s Resolutions

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

New York’s Breach Law Amendments and New Security Requirements

Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

White House Releases Cybersecurity Legislative Proposal

Singapore Parliament Passes Personal Data Protection Act

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

The Hacker Mind Podcast: Hacking APIs

The Hacker Mind Podcast: Hacking APIs

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

CPRA Becomes the New Standard. Are You Ready?

The Hacker Mind Podcast: Going Passwordless

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

Congress Agrees – 72 Hour Cyber Incident Reporting Requirement to Take Effect

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Business Process Modeling Use Cases and Definition

President Trump Signs Financial Services Regulatory Reform Legislation

Debate Continues on the Future of US Privacy Regulation from California to Capitol Hill

Stay Connected