Financial Services, Insurance and Personal data

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data.

Financial Services

Financial Services Data breaches Ransomware Insurance

First American Title Insurance Co. Faces Charges in NY

Data Breach Today

JULY 23, 2020

Company Could Be Fined $1,000 for Each Violation of State Cybersecurity Law The New York State Department of Financial Services has filed civil charges against First American Title Insurance Co., which has been accused of exposing hundreds of millions of documents that contained customers' mortgage and personal data.

Insurance

Insurance Financial Services Personal data Cybersecurity

Top financial services trends of 2024

IBM Big Data Hub

JANUARY 16, 2024

The start of 2024 brings forth many questions as to what we can expect in the year ahead, especially in the financial services industry, where technological advances have skyrocketed and added complexities to an already turbulent landscape. One example of this is in insurance.

Financial Services

Financial Services Customer Experience Cloud Digital transformation

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2

Insurance

Insurance Financial Services Mining Access

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity

Cybersecurity Financial Services Authentication Government

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

On 14 September, Mulkay discovered that the compromised files contained personal information, including “name, address, date of birth, Social Security number, driver’s license number or state ID, medical treatment information, and health insurance information”. The information mostly related to court proceedings.

Data Privacy

Data Privacy Privacy Security Data breaches

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

If malicious actors accessed the exposed data, the company could have faced devastating consequences and put their clients at risk, as financial services are the main target for cybercriminals. Employees, businesses, and individuals whose data were exposed could be at risk of spear phishing campaigns,” added researchers.

Personal data

Personal data Phishing Risk Financial Services

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

DLA Piper Privacy Matters

FEBRUARY 28, 2022

Primary areas of focus for the DPC in 2021 included the safeguarding of children’s data protection rights, progressing ongoing large-scale inquires and prioritising responding to complaints which have raised issues of substance, with a data subject centric approach to resolution. Ongoing Inquiries & Data Transfer Enforcement.

Financial Services

Financial Services Data breaches Personal data Compliance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

EyeMed engaged a forensic investigator, which was unable to determine whether any exfiltration of personal data had occurred, due in part to a lack of log data. On January 24, 2022, the New York Attorney General (AG) announced a settlement with vision-benefits-provider EyeMed Vision Care, Inc., SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. NYDFS may be the first regulator to make such an explicit recommendation.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. See CF Disclosure Guidance: Topic No. 2, Cybersecurity (Oct. 14, 2011). 15, 2020).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

The GDPR provision that may keep IT security teams busiest is Article 32, which requires “a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing” of personal data. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

Personal data

Personal data GDPR Data Privacy Privacy

Striking a balance between security and usability of sensitive data

OpenText Information Management

DECEMBER 4, 2019

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

Financial Services

Financial Services Data breaches Security Personal data

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

In January 2024, it identified more potential victims, and has now written to inform them that their personal data may have been compromised in the incident. Data breached: 2,632,275 people’s data. 204 of them are known to have had data exfiltrated, exposed or otherwise breached.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Peter Marta. Arwen Handley. Philip Parish. Nicola Fulford.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

The impetuses for the survey were the many significant changes the GDPR will bring to companies’ management and processing of personal data, their privacy compliance programs and their IT systems and infrastructure. The GDPR replaces Directive 95/46/EC and will become applicable in May 2018.

GDPR

GDPR Data Privacy Compliance Privacy

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

The French data protection authority (CNIL) has just adopted Single Authorization No. AU-054 (the “AU-054”) on July 13, 2017 in order to cover the processing of personal data implemented in relation to these fraud prevention/detection systems. 311-2 of the Code Monétaire et Financier. .

Personal data

Personal data Financial Services Risk Insurance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Crimeware is a type of malware that cyber criminals use to commit identity theft or gain financial information to execute transactions. Other techniques to steal personal data include the use of keyloggers that record all keystrokes and can reveal information. Crimeware and spyware. Other methods.

Ransomware

Ransomware Cybersecurity Phishing Encryption

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Hunton Privacy

JULY 22, 2009

The UK Financial Services Authority (FSA) has announced today fines for three HSBC entities totaling £3 million for failing to have adequate systems and controls in place to protect their customers’ confidential data. The fine is the highest to date in the UK and reflects a 30% discount for cooperating with the FSA.

Security

Security Insurance Data breaches Personal data

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

Reltio

AUGUST 16, 2018

The primary objectives of the GDPR are to give control back to their EU citizens and residents over their personal data, to simplify the regulatory environment for international business, and to unify regulations within the European Union.

GDPR

GDPR MDM Compliance Personal data

A consumer perspective on FinTech disruption (part 2)

CGI

JANUARY 12, 2017

We surveyed 1,670 consumers across eight countries to get their perspectives on 12 digital FinTech services: Protection. Personal finance management (PFM). Personalized digital experience. IoT-based auto insurance pricing. Personalized offers. Mobile payments. Alternative currency. Mobile cash flow manager.

Financial Services

Financial Services IoT Risk Insurance

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. Social Security numbers) and says that such tokenized data was not exposed. On July 22, 2019, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement.

Cloud

Cloud Data breaches Encryption Access

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

Recall that the focus of the Executive Order was not on single transactions, but rather bulk transactions of Americans’ personal data. seems to be approving most transfers of personal data, except where those transfers meet the criteria described in the ANPRM.

Access

Access Military Compliance Personal data

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Compromised information includes patients’ personal data, health and medical records, financial data, internal emails and software source code. and Robert W.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Europe’s omnibus new framework for data protection law applies to (almost) all entities that collect and process EU personal data regardless of where the data are processed.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

After the Token Act: A New Data Economy Driven By Small Business Entrepreneurship

John Battelle's Searchblog

OCTOBER 31, 2018

And the ecosystem that develops around data tokens will offer it. Thanks to her Walmart experience, Michelle has become aware of the power of personal data. Transportation Services. Real Estate Services (Commercial). Location Services . Financial Services. She needs a new question machine.

Marketing

Marketing Retail Blockchain Mining

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

3. Does an insurance policy that covers direct physical loss or damage to media cover the situation where ransomware renders downloaded software useless because it could not be decrypted? Which one is NOT on the list?

Privacy

Privacy Cybersecurity Personal data Insurance

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Source (New) Real estate USA Yes 46,906 Hampton-Newport News Community Services Board Source 1 ; source 2 ; source 3 (New) Healthcare USA Yes 44,312 Air Methods Source 1 ; source 2 (New) Healthcare USA Yes 34,016 GREYHOURS Source (New) Retail France Yes 18,700 Groveport Madison Schools Source 1 ; source 2 ; source 3 (Update) Education USA Yes 15.5

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Glosbe dictionary exposes almost 7 million records The multilingual online dictionary Glosbe left a MongoDB instance unsecured last year, exposing nearly 7 million users’ information, including personal data, encrypted passwords and social media identifiers. Glosbe did not reply, but the open instance was soon closed.

Data Privacy

Data Privacy Privacy Security Data breaches

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

This was because, as the complexity of business networks continued to intensify, so did the challenges of meeting data handling requirements under the Payment Card Industry Data Security Standard, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, and the Federal Information Security Management Act.

Access

Access Government Authentication Data breaches

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

HL Chronicle of Data Protection

SEPTEMBER 12, 2018

The revised CCPA clarifies that “medical information” subject to the Confidentiality of Medical Information Act (CMIA) and “protected health information” collected by a “covered entity” or “business associate” established pursuant to the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) are exempt from the statute.

Privacy

Privacy Compliance GDPR Data breaches

Is Your Customer Experience Future-Ready?

Reltio

APRIL 25, 2019

If the digital transformation doesn’t have an end date, then is your data platform able to scale infinitely to support your long-term, evolving customer experience? Can it continuously collect and correlate all customer data from internal as well as external, public, and social media?

Customer Experience

Customer Experience Digital transformation B2B B2C

India’s Digital Future Is Bright

Thales Cloud Protection & Licensing

DECEMBER 23, 2019

According to the 2019 Thales Data Threat Report-India Edition , digital transformation is well underway in India, with 41% of Indian respondents saying they are either aggressively disrupting the markets they participate in or embedding digital capabilities that enable greater organizational agility. Complexity is a Barrier to Data Security.

Digital transformation

Digital transformation Cloud Encryption Data Privacy

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

DECEMBER 7, 2017

Department of Treasury released a 176-page Report examining the current regulatory framework for asset management and insurance industries. This Report may significantly impact the evolution of state-law cybersecurity regulations for the financial services sector. 3, 2017), and makes recommendations to ensure alignment.

Insurance

Insurance Data breaches Security Cybersecurity

Data Governance Tools: What Are They? Are They Optional?

erwin

NOVEMBER 14, 2019

In recent years, hard mandates for data governance also have increased. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) requires organizations in the healthcare space to protect the privacy and security of certain health information. Costs have risen by 12 percent during the last five years.

Government

Government Data breaches Metadata GDPR

Data Governance Tools: What Are They? Are They Optional?

erwin

NOVEMBER 14, 2019

In recent years, hard mandates for data governance also have increased. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) requires organizations in the healthcare space to protect the privacy and security of certain health information. Costs have risen by 12 percent during the last five years.

Government

Government Data breaches Metadata GDPR

Toyota Financial Services discloses a data breach

First American Title Insurance Co. Faces Charges in NY

Webinars

Trending Sources

Top financial services trends of 2024

Webinars

NY Charges First American Financial for Massive Data Leak

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Multinational ICICI Bank leaks passports and credit card numbers

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

New York SHIELD Act $600,000 settlement

The Impact of Data Protection Laws on Your Records Retention Schedule

NYDFS settles with EyeMed for $4.5 million

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Security Compliance & Data Privacy Regulations

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Striking a balance between security and usability of sensitive data

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

CIPL and AvePoint Release Global GDPR Readiness Report

FRANCE: CNIL adopts new single authorization on fraud prevention systems

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

What is a Cyberattack? Types and Defenses

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

A consumer perspective on FinTech disruption (part 2)

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

Privacy and Cybersecurity Top 10 for 2018

After the Token Act: A New Data Economy Driven By Small Business Entrepreneurship

ICYMI – Late December in privacy and cybersecurity

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

Is Your Customer Experience Future-Ready?

India’s Digital Future Is Bright

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Governance Tools: What Are They? Are They Optional?

Data Governance Tools: What Are They? Are They Optional?

Stay Connected