Financial Services, Personal data and Security - Information Management Today

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data.

Financial Services

Financial Services Data breaches Ransomware Insurance

Top financial services trends of 2024

IBM Big Data Hub

JANUARY 16, 2024

The start of 2024 brings forth many questions as to what we can expect in the year ahead, especially in the financial services industry, where technological advances have skyrocketed and added complexities to an already turbulent landscape.

Financial Services

Financial Services Customer Experience Cloud Digital transformation

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung On July 24, 2023, the People’s Bank of China (“ PBOC ”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“ Draft Measures” ) for public consultation, which closes on August 24, 2023.

Financial Services

Financial Services Personal data Compliance Data collection

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. Beyond these economic effects, the rules have important data security benefits. You have no choice in the matter.

Financial Services

Financial Services Privacy Personal data Marketing

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

On 14 September, Mulkay discovered that the compromised files contained personal information, including “name, address, date of birth, Social Security number, driver’s license number or state ID, medical treatment information, and health insurance information”. Some patients also had their Social Security numbers exposed.”

Data Privacy

Data Privacy Privacy Security Data breaches

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights. Rising data privacy regulations underscores the need for such a capability, Boyle told me.

Privacy

Privacy Data Privacy GDPR Personal data

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. In the days that followed, the DFS and U.S.

Insurance

Insurance Financial Services Mining Access

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

That decision of adequacy provides in substance that there is an adequate level of protection—comparable to that in the EU—for personal data transferred from the EU to US companies that are participating in the DPF. However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured. million files belonging to ICICI Bank. “The

Personal data

Personal data Phishing Risk Financial Services

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. similar to the PIS Specification, but focused on the banking and financial services industry). Level 4: payments data.

Compliance

Compliance Security Financial Services Data collection

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Seizing an opportunity to improve data relationships with third parties. Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. Exploring third party data relationship risk.

Financial Services

Financial Services Digital transformation Personal data Compliance

Striking a balance between security and usability of sensitive data

OpenText Information Management

DECEMBER 4, 2019

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

Financial Services

Financial Services Data breaches Security Personal data

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Hunton Privacy

DECEMBER 19, 2022

The statement explains that “[t]here are over 5,000 UK companies operating in the UAE, many of which depend on the free and secure flow of safe data across borders.” The DIFC has already recognized the UK’s strong data protections and the UK is now in the advanced stages of its technical data protection assessment of the DIFC.

Government

Government Financial Services Personal data Security

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

On October 15, 2012, the Singapore Parliament passed the Personal Data Protection Act 2012. The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules.

Personal data

Personal data Financial Services Data Privacy Data breaches

The largest Russian bank Sberbank hit by a massive DDoS attack

Security Affairs

NOVEMBER 9, 2023

Sberbank , the Russian banking and financial services giant, announced that it was recently hit by a record-breaking distributed denial of service (DDoS) attack that reached 1 million RPS. Then it did not affect the availability of bank services.

Personal data

Personal data Financial Services Marketing Cloud

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. In January 2024, it identified more potential victims, and has now written to inform them that their personal data may have been compromised in the incident. Data breached: 2,632,275 people’s data.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background. million. 23 NYCRR § 500.13.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. EyeMed engaged a forensic investigator, which was unable to determine whether any exfiltration of personal data had occurred, due in part to a lack of log data. Background. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

Personal data

Personal data GDPR Data Privacy Privacy

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

The GDPR is (apparently) going to require data controllers to be more transparent about their records retention policies. The potential fine for not informing individuals, as their personal data is being collected, about retention periods is of course significant. I think not. I’m not aware of many cases.

GDPR

GDPR Privacy Compliance Personal data

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Researchers uncovered an ongoing campaign delivering the Qbot malware to steal credentials from customers of dozens of US financial institutions. Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Pierluigi Paganini.

Phishing

Phishing Financial Services Personal data Security

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Personal data belonging to millions of customers of large businesses have been exposed due to a flaw in Onfido IDV. Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their personal data to illicit download. Verification process.

Personal data

Personal data Phishing Data breaches Passwords

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Equifax Data Breach: The Long-Term Impact on Fighting Fraud

Rippleshot

SEPTEMBER 14, 2017

While most of the news centers on the consumer identity theft impact, the real story in the financial services ecosystem is what this hack will cost banks, credit unions and issuers. From what’s been publicly reported, there’s been 209,000 credit card numbers and 182,000 documents with personal information breached.

Data breaches

Data breaches Financial Services Personal data Security

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. In the U.S.,

Privacy

Privacy Compliance Personal data Risk

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5

Cybersecurity

Cybersecurity Financial Services Risk Phishing

Ireland: DPC Produces “Significant Outputs” for 2022 Concluding 17 Large Scale Inquiries

DLA Piper Privacy Matters

MARCH 30, 2023

Two-thirds of the GDPR fines issued by EU data protection authorities last year where from the DPC, illustrating a continued commitment to enforcement. This inquiry involves the processing of personal data in relation to biometric facial templates used in the department’s registration process.

Personal data

Personal data GDPR Compliance Financial Services

Indonesia Publishes Proposed Data Protection Rule

Hunton Privacy

JULY 17, 2015

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (“Proposed Regulation”). 82 of 2012.

Personal data

Personal data Archiving Financial Services Communications

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

Security in the finance sector: Whose role is it anyway? Thomson Reuters was recently quoted as saying, “Increased regulation isn’t just a temporary challenge for global financial institutions—it’s the new reality.”. Finance service providers. Real-time payments demand the highest standards of service availability.

IT

IT Security Digital transformation Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. For years, class actions following data breaches have been common in the United States.

Privacy

Privacy GDPR Data breaches Risk

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. appeared first on Security Affairs. Provide unpredictable usernames.

IT

IT Passwords Authentication Data Privacy

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security. Slack announced today to launch encryption keys that will help businesses to protect their data. What are the security risks of Slack? Admin Roles. Third Party Apps.

Encryption

Encryption Risk Financial Services Privacy

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Cyberattack Statistics. Other methods.

Ransomware

Ransomware Cybersecurity Phishing Encryption

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

DECEMBER 11, 2018

But it looks like my own personal data has been breached – again. What I’d originally planned to write about was a topic that directly applies – why retailers of all stripes are not investing in data security. That makes a cavalier attitude about data security much less forgivable. Not used in years.

Retail

Retail Data breaches Encryption Mining

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Peter Marta. Arwen Handley. Philip Parish. Nicola Fulford.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. For years, class actions following data breaches have been common in the United States.

Privacy

Privacy GDPR Data breaches Risk

Toyota Financial Services discloses a data breach

Top financial services trends of 2024

Webinars

Trending Sources

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

Webinars

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

CFPB’s Proposed Data Rules

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Security Compliance & Data Privacy Regulations

NY Charges First American Financial for Massive Data Leak

Catches of the Month: Phishing Scams for October 2023

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Navigating the EU-US Data Protection Framework

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Multinational ICICI Bank leaks passports and credit card numbers

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

Improve your data relationships with third parties

Striking a balance between security and usability of sensitive data

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Singapore Parliament Passes Personal Data Protection Act

The largest Russian bank Sberbank hit by a massive DDoS attack

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

NYDFS settles with EyeMed for $4.5 million

New York SHIELD Act $600,000 settlement

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

An ongoing Qbot campaign targeted customers of tens of US banks

Popular apps left biometric data, IDs of millions of users in danger

New York’s Breach Law Amendments and New Security Requirements

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Equifax Data Breach: The Long-Term Impact on Fighting Fraud

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Ireland: DPC Produces “Significant Outputs” for 2022 Concluding 17 Large Scale Inquiries

Indonesia Publishes Proposed Data Protection Rule

Security in the finance sector: Whose role is it anyway?

The Privacy Officers’ New Year’s Resolutions

What is credential stuffing? And how to prevent it?

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Slack Launched Encryption Key Addon For Businesses

What is a Cyberattack? Types and Defenses

It’s time to think twice about retail loyalty programs

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

The Privacy Officers’ New Year’s Resolutions

Stay Connected