Data breaches, Events and Financial Services - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

How to Prevent Data Breaches: Data Breach Prevention Tips

eSecurity Planet

AUGUST 22, 2023

With the ever-present threat of data breaches, organizations need to adopt best practices to help prevent breaches and to respond to them when they occur to limit any damage. And breaches will occur – because bad guys make a living by figuring out ways to circumvent security best practices.

Data breaches

Data breaches Big data Cybersecurity Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

Data breaches in the retail sector illustrate the vulnerabilities inherent to this industry, emphasizing the need for robust cybersecurity measures. This finding not only underscores the vulnerability of the retail sector but also accentuates the financial repercussions of such breaches.

Retail

Retail Cybersecurity Financial Services Encryption

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. NYDFS also found that Carnival had failed to implement basic protocols to prevent data breaches.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading. Who “owns” a data breach?

Data breaches

Data breaches Cybersecurity Financial Services Risk

FTC amendment to Safeguards Rule

Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. The FTC will publish information from the notification event report on a publicly available database.

Encryption

Encryption Cybersecurity Data breaches Financial Services

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. NYDFS retained the broader term “cybersecurity event” that it uses in several sections of the regulation, but, with respect to notifications to NYDFS (§ 500.17(a)),

Cybersecurity

Cybersecurity Compliance Financial Services Government

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

The public data set on the ICO (Information Commissioner’s Office) website shows that data security isn’t necessarily better for financial organisations. In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector. million (about £4.70

Risk

Risk Data breaches Authentication Financial Services

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. The regulation requires that a licensee report a cybersecurity event to NYDFS within 72 hours of its determination of the event. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. According to Buckley LLP , a financial services law firm based in Washington, D.C.,

Financial Services

Financial Services IT Data breaches Authentication

Keeping Up with New Data Protection Regulations

erwin

APRIL 11, 2019

In fact, organizations should expect increasing pressure on lawmakers to introduce new data protection regulations. A number of high-profile data breaches and scandals have increased public awareness of the issue. The Regulatory Rationale for Integrating Data Management & Data Governance.

GDPR

GDPR e-Discovery Compliance Metadata

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

For example, financial services firms may be worried about employees breaching insider trading laws. Preventing data breaches. Monitoring software is therefore essential to ensure that data breaches are spotted promptly and to give your organisation the opportunity to respond.

Compliance

Compliance Data breaches Privacy Risk

Q&A: How emulating attacks in a live environment can more pervasively protect complex networks

The Last Watchdog

SEPTEMBER 4, 2018

Spirent refers to this as “data breach emulation,’’ something David DeSanto, Spirent’s threat research director, told me is designed to give companyies a great advantage; it makes it possible to see precisely how the latest ransomware or crypto mining malware would impact a specific network, with all of its quirky complexity.

Data breaches

Data breaches Honeypots Digital transformation Mining

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. The NYDFS Cybersecurity Regulation requires covered entities – banks, insurance companies, and other financial services institutions – to implement a wide range of practices to manage cybersecurity risk.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. Data breach litigation risks. Federal Data Breach Legislation.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

If you prefer a more laid back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or subscribe to a credit and identity monitoring program, 3. There are places to check your credit score for free online, and most credit cards let you see your FICO score. Manage the damage.

Financial Services

Financial Services Encryption Passwords Communications

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. In that event, you should probably also change your password.

IT

IT Passwords Authentication Data Privacy

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Proper disposal processes minimize the amount of NPI accessible to an unauthorized third party during a Cyber Event.”

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

Covered Entities must maintain the records required by these obligations for five years and three years respectively.

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

DLA Piper Privacy Matters

MARCH 3, 2023

The discussion paper, which acknowledges that the Australian Government was “ill-equipped” to respond to the large scale data breaches which occurred in 2022 (namely Medibank and Optus), emphasises the importance of protecting customer data and enduring that Australians can continue to access critical services in the event of a cyber-attack.

Data breaches

Data breaches Security Paper Financial Services

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”

Cloud

Cloud Data breaches Encryption Access

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

For instance, Canada has a data protection law 3 and is currently considering a new data protection law that places even more restrictions on the retention and use of personal data than the GDPR 4. The United States does not have a Federal data protection law that protects all consumers.

Personal data

Personal data GDPR Privacy Records Management

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

HL Chronicle of Data Protection

DECEMBER 7, 2018

This blog post provides background on the scope of the exemption and an overview of key considerations for financial institutions developing CCPA compliance programs. The financial services industry is one of the most heavily regulated industries when it comes to protecting the privacy of personal information. Background.

Privacy

Privacy Financial Services Compliance Data breaches

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

Covered Entities must maintain the records required by these obligations for five years and three years respectively.

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

Covered Entities must maintain the records required by these obligations for five years and three years respectively.

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Federal Agency Data is Under Siege

Thales Cloud Protection & Licensing

JULY 24, 2018

Question: Can you provide an overview of the 2018 Thales Data Threat Report, Federal Edition, and elaborate why it’s needed today more than ever? Our 2018 Thales Data Threat Report, Federal Edition , issued in conjunction with analyst firm 451 Research, polled U.S. Question: In a world where some 68 percent of U.S.

Encryption

Encryption Cloud Data breaches Government

The UK ICO’s Regulatory Sandbox Points to a Future of Pro-Active Engagement

HL Chronicle of Data Protection

JULY 9, 2019

Most organisations will only come into contact with an authority if there has been a complaint issued against them by a data subject, or when they are required to report a personal data breach. In the UK financial services industry, the Financial Conduct Authority (FCA) introduced a regulatory sandbox in 2015.

GDPR

GDPR Personal data Privacy Financial Services

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

Did you know that 63% of all data breaches are directly or indirectly linked to third party companies? This article will focus on some strategies that organizations should consider implementing in order to mitigate their cybersecurity risk as far as third-party service providers are concerned.

Risk

Risk Cybersecurity Compliance Data breaches

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

1 Root Cause of Data Breaches Verizon's DBIR always has a lot of information to unpack, so I'll continue my review by covering how stolen credentials play a role in attacks. So, what does the report say about the most common threat actions that are involved in data breaches?

Data breaches

Data breaches Phishing Security awareness Ransomware

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: more than 59 million data records. BianLian claims to have exfiltrated 5 TB of data, comprising millions of sensitive documents. Akumin Inc.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data set is a collection of 1 billion credentials sourced from stealer logs and hosted on the illicit.services website. Data breached: 70,840,771 email addresses.

Data Privacy

Data Privacy Privacy Manufacturing Retail

Network Encryption Keeps Our Data in Motion Secure for Business Services

Thales Cloud Protection & Licensing

JULY 24, 2023

Data-in-motion encryption is vital to all businesses but let’s explore some verticals in the private sector, each with its own requirements and needs for protecting data in motion. Financial Services Financial organizations operate in a highly regulated environment and undergo frequent audits to prove compliance.

Business Services

Business Services Encryption Manufacturing Security

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Data Matters

DECEMBER 23, 2020

Generally, if finalized, the NPR would require banking organizations and bank service providers (each, as defined further below) to provide accelerated notices of certain cybersecurity and related events. 11 This standard will likely generate significant comments from service providers who will find the requirement unworkable.

Security

Security Cybersecurity Insurance Communications

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

You might not think of it as a major aspect of security and yet, stolen credentials are really the key to data breaches today. Moffatt: I think tokens are typically what I guess happens once somebody has authenticated so once the authentication event is taking place, and you've identified it, yeah, this is some Simon coming back.

Passwords

Passwords Authentication Access Data breaches

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Privacy and Cybersecurity Law

MARCH 23, 2018

Organizations must be better prepared for cybersecurity incidents, which can result from unintentional events or deliberate attacks by insiders or third parties, such as cyber criminals, competitors, nation-states, and “hacktivists.” a human factor), and 28% involved system glitches, including IT and business process failures.

Cybersecurity

Cybersecurity Artificial Intelligence Data breaches IoT

Reltio Supports Apple CEO Tim Cook’s Clarion Call for Stronger US Customer Data Privacy Laws

Reltio

OCTOBER 24, 2018

Providing customers a way to make data-related requests. Deploying processes for required data access, change and deletion. Implementing a mechanism in place for timely reporting of a data breach. At the same time, they must have the power to trace and maintain data lineage across all attributes.

Data Privacy

Data Privacy Privacy GDPR Compliance

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

The reporting requirements will cover multiple sectors of the economy, including chemical industry entities, commercial facilities, communications sector entities, critical manufacturing, dams, financial services entities, food and agriculture sector entities, healthcare entities, information technology, energy, and transportation.

Ransomware

Ransomware Cybersecurity Agriculture Communications

List of data breaches and cyber attacks in September 2021 – 91 million records breached

IT Governance

SEPTEMBER 30, 2021

PA: Penelec customers must reset passwords after security breach (databreaches.net) (0). Hacked hospital patients’ data ‘not important’ (bangkokpost.com) (10,000). Nevada Restaurant Services, Inc. Provides Notice Of Data Privacy Event | | djournal.com (0). Ransomware and malware.

Data breaches

Data breaches Ransomware Financial Services Privacy

Best Network Security Tools 2021

eSecurity Planet

MAY 27, 2021

Security information and event management SIEM Splunk IBM. Breach and attack simulation (BAS): XM Cyber. XM Cyber launched in 2016 and is a winner for its innovation in the breach and attack simulation arena. Security information and event management (SIEM): Splunk. SIEM: Security Information and Event Management.

Security

Security Cloud Analytics Access

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Deduce is an identity-focused cybersecurity startup with two core solutions: Customer Alerts for protecting users and their data from account takeover and compromise, and Identity Insights for validating legitimate users and stopping fraud. Randori bills itself as the world’s first automated breach and attack simulation (BAS) platform.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

How to Prevent Data Breaches: Data Breach Prevention Tips

Webinars

Trending Sources

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

US: Surviving the service provider data breach

FTC amendment to Safeguards Rule

New York State Expected to Increase Enforcement of Cybersecurity Practices

NYDFS finalizes cybersecurity rule amendments

Risk Management under the DORA Regulation

NYDFS settles cybersecurity regulation matter for $3 million

Scary Fraud Ensues When ID Theft & Usury Collide

Keeping Up with New Data Protection Regulations

The compliance challenges of hybrid working

Q&A: How emulating attacks in a live environment can more pervasively protect complex networks

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Summary – “Industry in One: Financial Services”

Privacy and Cybersecurity Top 10 for 2018

Marriott Breach: More than 500 Million Guest Affected

What is credential stuffing? And how to prevent it?

NYDFS settles with EyeMed for $4.5 million

Transition period under New York Cybersecurity Regulation ends March 1, 2019

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

The Impact of Data Protection Laws on Your Records Retention Schedule

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Federal Agency Data is Under Siege

The UK ICO’s Regulatory Sandbox Points to a Future of Pro-Active Engagement

Cybersecurity: Managing Risks With Third Party Companies

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

Network Encryption Keeps Our Data in Motion Secure for Business Services

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

The Hacker Mind Podcast: Going Passwordless

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Reltio Supports Apple CEO Tim Cook’s Clarion Call for Stronger US Customer Data Privacy Laws

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

List of data breaches and cyber attacks in September 2021 – 91 million records breached

Best Network Security Tools 2021

Top Cybersecurity Startups to Watch in 2022

Stay Connected