Financial Services, Insurance, Personal data and Risk

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data.

Financial Services

Financial Services Data breaches Ransomware Insurance

Top financial services trends of 2024

IBM Big Data Hub

JANUARY 16, 2024

The start of 2024 brings forth many questions as to what we can expect in the year ahead, especially in the financial services industry, where technological advances have skyrocketed and added complexities to an already turbulent landscape. One example of this is in insurance.

Financial Services

Financial Services Customer Experience Cloud Digital transformation

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

If malicious actors accessed the exposed data, the company could have faced devastating consequences and put their clients at risk, as financial services are the main target for cybercriminals. Employees, businesses, and individuals whose data were exposed could be at risk of spear phishing campaigns,” added researchers.

Personal data

Personal data Phishing Risk Financial Services

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. MFA was also expressly named by both Microsoft and Mandiant as one of the most important recommendations to mitigate risk.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. NYDFS found that none of the assessments addressed the risks associated with the compromised O365 mailbox.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. enable companies to identify cybersecurity risks and incidents.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

The GDPR provision that may keep IT security teams busiest is Article 32, which requires “a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing” of personal data. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

EyeMed engaged a forensic investigator, which was unable to determine whether any exfiltration of personal data had occurred, due in part to a lack of log data. Although organizations should consider the optics of partial implementation, companies should not forgo the risk mitigation of incremental improvements. (2)

Passwords

Passwords Financial Services Authentication Insurance

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Peter Marta. Arwen Handley. Philip Parish. Nicola Fulford. This ensures consistent messaging to all relevant parties.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

Pursuant to several provisions of the French Code Monétaire et Financier , entities from the banking and financial sector are required to implement processes and strategies to detect, measure and manage operational risks within their group (on a consolidated basis). 311-2 of the Code Monétaire et Financier. .

Personal data

Personal data Financial Services Insurance Risk

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

The impetuses for the survey were the many significant changes the GDPR will bring to companies’ management and processing of personal data, their privacy compliance programs and their IT systems and infrastructure. The GDPR replaces Directive 95/46/EC and will become applicable in May 2018.

GDPR

GDPR Data Privacy Compliance Privacy

A consumer perspective on FinTech disruption (part 2)

CGI

JANUARY 12, 2017

We surveyed 1,670 consumers across eight countries to get their perspectives on 12 digital FinTech services: Protection. Personal finance management (PFM). Personalized digital experience. IoT-based auto insurance pricing. Personalized offers. Finally, many consumers are simply risk averse. Mobile payments.

Financial Services

Financial Services IoT Risk Insurance

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined,” the report warned. Crimeware and spyware.

Ransomware

Ransomware Cybersecurity Phishing Encryption

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Hunton Privacy

JULY 22, 2009

The UK Financial Services Authority (FSA) has announced today fines for three HSBC entities totaling £3 million for failing to have adequate systems and controls in place to protect their customers’ confidential data. The fine is the highest to date in the UK and reflects a 30% discount for cooperating with the FSA.

Security

Security Insurance Data breaches Personal data

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Europe’s omnibus new framework for data protection law applies to (almost) all entities that collect and process EU personal data regardless of where the data are processed.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. Social Security numbers) and says that such tokenized data was not exposed. In the same piece, Chris Vickery, the director of cyber-risk research and security from UpGuard, Inc.,

Cloud

Cloud Data breaches Encryption Access

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

Recall that the focus of the Executive Order was not on single transactions, but rather bulk transactions of Americans’ personal data. The regulation also proposes this chart with respect to risk levels and bulk thresholds: (at 25). What is included in the special category of “government related data”?

Access

Access Military Compliance Personal data

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Compromised information includes patients’ personal data, health and medical records, financial data, internal emails and software source code. and Robert W.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Source (New) Real estate USA Yes 46,906 Hampton-Newport News Community Services Board Source 1 ; source 2 ; source 3 (New) Healthcare USA Yes 44,312 Air Methods Source 1 ; source 2 (New) Healthcare USA Yes 34,016 GREYHOURS Source (New) Retail France Yes 18,700 Groveport Madison Schools Source 1 ; source 2 ; source 3 (Update) Education USA Yes 15.5

Data Privacy

Data Privacy Privacy Manufacturing Retail

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

These vendors drilled down on “governance and attestation,” coming up with advanced ways to enable companies to monitor and report cyber risk profiles to government and industry auditors. And the massive data breaches just keep on coming. Governance and attestation quickly became a very big deal. Positive steps.

Access

Access Government Authentication Data breaches

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Known data breached Discord (via Spy.pet) Source (New) IT services USA Yes 4,186,879,104 Baidu, Inc., New guidance EDPB publishes information on Data Protection Framework redress mechanism The European Data Protection Board’s Information Note on the redress mechanism for EU/EEA individuals in relation to alleged violations of U.S.

Data Privacy

Data Privacy Privacy Manufacturing Security

Data Governance Tools: What Are They? Are They Optional?

erwin

NOVEMBER 14, 2019

In recent years, hard mandates for data governance also have increased. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) requires organizations in the healthcare space to protect the privacy and security of certain health information. Costs have risen by 12 percent during the last five years.

Government

Government Data breaches Metadata GDPR

Data Governance Tools: What Are They? Are They Optional?

erwin

NOVEMBER 14, 2019

In recent years, hard mandates for data governance also have increased. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) requires organizations in the healthcare space to protect the privacy and security of certain health information. Costs have risen by 12 percent during the last five years.

Government

Government Data breaches Metadata GDPR

Information Management Today

Toyota Financial Services discloses a data breach

Top financial services trends of 2024

Trending Sources

Multinational ICICI Bank leaks passports and credit card numbers

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

NYDFS settles with EyeMed for $4.5 million

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

The Impact of Data Protection Laws on Your Records Retention Schedule

Security Compliance & Data Privacy Regulations

New York SHIELD Act $600,000 settlement

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

FRANCE: CNIL adopts new single authorization on fraud prevention systems

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

CIPL and AvePoint Release Global GDPR Readiness Report

A consumer perspective on FinTech disruption (part 2)

What is a Cyberattack? Types and Defenses

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Privacy and Cybersecurity Top 10 for 2018

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Data Governance Tools: What Are They? Are They Optional?

Data Governance Tools: What Are They? Are They Optional?

Stay Connected