Financial Services and Information Security - Information Management Today

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data.

Financial Services

Financial Services Data breaches Ransomware Insurance

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

NOVEMBER 17, 2023

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unauthorized activity on systems in a limited number of its locations. The company has yet to disclose a data breach.

Financial Services

Financial Services Ransomware Data breaches Insurance

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017.

Financial Services

Financial Services Cybersecurity Compliance Government

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Reducing Risk by Breaking Down Supply Chain Siloes

Data Breach Today

AUGUST 3, 2022

Supply chain risk must be part of an enterprisewide risk management program framework, says information security manager Matt Marciniak of financial service firm Quantile. Reducing risk requires an agile approach to supplier management, he says.

Risk

Risk Financial Services Information Security Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. The post New York Department of Financial Services Issues First Guidance by a U.S. Issuance of the Framework is notable as it represents the first official guidance by a U.S. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Deploying applications built in external CI through IBM Cloud DevSecOps

IBM Big Data Hub

OCTOBER 10, 2023

These attacks are even more detrimental in critical systems, which include IT infrastructure and financial services organizations. IBM Cloud for Financial Services This is where IBM Cloud for Financial Services shines—it helps clients to fill that gap by supporting innovation while guaranteeing security and compliance.

Cloud

Cloud Financial Services Compliance Risk

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

The new law generally follows MDL-668’s provisions, adopting the model law’s broad definition of nonpublic information and requiring licensees to, in part, maintain a written information security program (“WISP”) and investigate cybersecurity incidents. Information Security Program Requirements.

Insurance

Insurance Security Information Security Cybersecurity

LoanDepot data breach impacted roughly 16.6 individuals

Security Affairs

JANUARY 23, 2024

Financial services company LoanDepot disclosed a data breach that impacted roughly 16.6 LoanDepot is a financial services company that primarily operates as a mortgage lender. The company provides a range of mortgage and non-mortgage loan products and services. million individuals. million individuals.

Data breaches

Data breaches Financial Services Cybersecurity Ransomware

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S. financial services organizations report that they have experienced a data breach in the past. Even more alarming, 43% reported an increase in the volume, severity, and scope of cyberattacks in the last year.

Compliance

Compliance Financial Services Data breaches Encryption

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

Tune into this webinar to hear from experts from Thales and IDC on how to approach data protection in a cloud computing ecosystem, and the challenges around orchestrating effective security controls in a hybrid cloud environment that depend on proprietary tools and APIs. Security & Compliance for SAP Data in Financial Services.

Compliance

Compliance Cloud Security Financial Services

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Security Ledger

DECEMBER 21, 2022

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. Read the whole entry. »

Financial Services

Financial Services Cybersecurity Data breaches Authentication

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

The SEC said that under First American’s remediation policies, if the person responsible for fixing the problem is unable to do so based on the timeframes listed above, that employee must have their management contact the company’s information security department to discuss their remediation plan and proposed time estimate.

Insurance

Insurance Risk Financial Services Mining

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

Data Matters

MAY 14, 2019

William Long, partner and global co-leader of at Sidley’s Privacy and Cybersecurity practice, and has been working on global data privacy and information security matters for a number of years. Read the Full Interview.

Financial Services

Financial Services GDPR Big data Data Privacy

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab , to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.” Rising data privacy regulations underscores the need for such a capability, Boyle told me.

Privacy

Privacy Data Privacy GDPR Personal data

Akamai prevented the largest DDoS attack on a US financial company

Security Affairs

SEPTEMBER 10, 2023

. “Historically, approximately 10% to 15% of the DDoS attacks observed by Akamai have been aimed at customers in the financial services industry.” In fact, over the past four quarters, more than 30% of the DDoS attacks have been aimed at financial services companies.” ” concludes Akamai.

Financial Services

Financial Services Ransomware Cybersecurity IT

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Security Affairs

APRIL 3, 2024

Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx , which is targeting financial services and organizations in the APAC and MENA regions.

Financial Services

Financial Services Phishing IT Information Security

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

Security Affairs

NOVEMBER 10, 2023

Treasury market and impacted some fixed income and equities transactions “The Securities Industry and Financial Markets Association first told members on Wednesday that ICBC Financial Services had been hit by ransomware software, which paralyses computer systems unless a payment is made, several people familiar with the discussions said.”

Ransomware

Ransomware Financial Services Marketing Authentication

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Security Affairs

DECEMBER 4, 2023

The experts called it ‘prepositioning’ to analyze the response from financial organizations globally and the reaction of the market. LockBit specifically targeted ICBC Financial Services (ICBC FS), a wholly owned U.S. subsidiary of the state-owned lender, which plays a critical role in the world of international finance.

Ransomware

Ransomware Financial Services Marketing Government

A cyber attack hit Nissan Oceania

Security Affairs

DECEMBER 7, 2023

“The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.”

Financial Services

Financial Services Data breaches Ransomware Access

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Security Affairs

NOVEMBER 20, 2023

During its initial phase, DarkCasino primarily conducted operations in Mediterranean countries and various other Asian nations, utilizing online financial services Recently the group changed phishing methods and aimed at users of cryptocurrencies worldwide, even including non-English-speaking Asian countries such as South Korea and Vietnam.

Phishing

Phishing Archiving Financial Services Cybersecurity

A massive DDoS attack took down the site of the German financial agency BaFin

Security Affairs

SEPTEMBER 4, 2023

The BaFin is responsible for overseeing banks, insurance companies, investment firms, and other financial institutions. BaFin also regulates the securities markets and the financial services industry.

Financial Services

Financial Services Military Insurance Marketing

Obama Proposes New Financial Services Consumer Protection Agency

Hunton Privacy

JUNE 17, 2009

The proposal raises a number of privacy and data security questions, such as the role of the new financial services consumer protection agency in protecting privacy and data security and the continued role of the Federal Trade Commission as the lead agency in this area. The announcement is available here.

Financial Services

Financial Services Privacy Security IT

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

Data Matters

DECEMBER 6, 2022

On November 9, 2022, the New York Department of Financial Services (DFS) published its proposed second amendment to its cybersecurity regulations (23 NY CRR Part 500). This proposal follows a July 29 pre-proposal and comment period.

Cybersecurity

Cybersecurity Financial Services Privacy IT

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023.

Ransomware

Ransomware Cybersecurity Agriculture Education

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

Security Affairs

DECEMBER 22, 2023

The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.”

Ransomware

Ransomware Data breaches Financial Services Archiving

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Financial Services Manufacturing Government

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Security Affairs

DECEMBER 15, 2023

Resecurity’s HUNTER (HUMINT) unit spotted the BianLian , White Rabbit , and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly-traded financial services firms.

Ransomware

Ransomware Financial Services Cybersecurity Passwords

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

The majority of intercepted credentials by Agent Tesla related to financial services, online-retailers, e-government systems and personal and business e-mail accounts. . Researchers found active instances of Agent Tesla and developed a mechanism to enumerate the affected clients and extract compromised data.

Financial Services

Financial Services Retail Education Information Security

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Other industry standards too can have the force of “pseudo-law” – notably, the NIST Cybersecurity Framework, which federal regulators often apply to financial-services firms and government contractors. Thus, it can be difficult for even small enterprises to keep up with information security and data privacy compliance.

Data Privacy

Data Privacy Compliance Privacy Security

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance

Insurance Data breaches Financial Services Passwords

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Affairs

NOVEMBER 20, 2021

According to the Reuters , the banking industry had successfully completed a massive cross-industry cyber security drill to test the response to a ransomware attack that threatens to disrupt a range of financial services. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, U.S.

Cybersecurity

Cybersecurity Financial Services Insurance Ransomware

Latitude Data breach is worse than initially estimated. 14 million individuals impacted

Security Affairs

MARCH 28, 2023

Australian loan giant Latitude Financial Services (Latitude) revealed that a data breach its has suffered impacted 14 million customers. The data breach suffered by Latitude Financial Services (Latitude) is much more serious than initially estimated.

Data breaches

Data breaches Financial Services Passwords Risk

European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security

Hunton Privacy

FEBRUARY 8, 2013

On February 7, 2013, the European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, launched their cybersecurity strategy for the European Union (“Strategy”).

Information Security

Information Security Cybersecurity Security Cloud

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

It also involves actively identifying and securing potential vulnerabilities in IT/OT supply chains, and identity protection implementation for citizens and e-government. 5️ Digital Identity in the Crosshairs of Cyber Attacks Expect a proliferation of attacks against digital identity, leading to unprecedented large-scale data breaches.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

Pacific City Bank hit by AVOS Locker Ransomware

Security Affairs

SEPTEMBER 5, 2021

The cybercriminals defined the security implemented by the bank terrible. “Pacific City Bank provides outstanding banking and financial services for businesses and consumers. but they have horrible security)” reads the message published on the leak site.

Ransomware

Ransomware Financial Services Archiving Security

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.”

Data breaches

Data breaches Financial Services Ransomware Government

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

Toyota Financial Services discloses a data breach

Medusa ransomware gang claims the hack of Toyota Financial Services

Webinars

Trending Sources

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Webinars

Reducing Risk by Breaking Down Supply Chain Siloes

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Deploying applications built in external CI through IBM Cloud DevSecOps

Vermont Enacts Insurance Data Security Law

LoanDepot data breach impacted roughly 16.6 individuals

The Clock is Ticking for PCI DSS 4.0 Compliance

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

First American Financial Pays Farcical $500K Fine

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Akamai prevented the largest DDoS attack on a US financial company

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

New York State Expected to Increase Enforcement of Cybersecurity Practices

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

A cyber attack hit Nissan Oceania

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

A massive DDoS attack took down the site of the German financial agency BaFin

Obama Proposes New Financial Services Consumer Protection Agency

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

Cybersecurity agencies published a joint LockBit ransomware advisory

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

Operation Cronos: law enforcement disrupted the LockBit operation

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Law enforcement operation seized Ragnar Locker group’s infrastructure

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Compliance & Data Privacy Regulations

American Insurance firm State Farm victim of credential stuffing attacks

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Latitude Data breach is worse than initially estimated. 14 million individuals impacted

European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Pacific City Bank hit by AVOS Locker Ransomware

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Nissan Oceania data breach impacted roughly 100,000 people

NYDFS settles cybersecurity regulation matter for $1.8 million

Stay Connected