Search results for: multi-factor authentication dfs
NY DFS Strikes Again on Cyber Fails
New York state regulators are at it again, serving up yet another enforcement action over poor cybersecurity practices that can serve as a quick case-study for the rest of us trying to figure out a sustainable way forward on cyber compliance issues. The company in question this time is OneMain Financial Group, a publicly traded…
Read MoreNY-DFS Proposes Updated Cyber Rule
Big news for audit and GRC professionals in the financial services world: the New York Department of Financial Services has proposed numerous updates to its Cybersecurity Rule, which would place more responsibilities on the CISO and impose more exacting standards for cybersecurity policies, procedures, and other control activities. The Department of Financial Services (DFS) unveiled…
Read MoreNY DFS Strikes Again on Cyber
A vision insurance company based in Ohio has agreed to pay a $4.5 million penalty to regulators in New York, to settle charges that the company’s poor cybersecurity practices led to a data breach in 2020. It’s a small but informative case for all you and privacy compliance enthusiasts out there. The company in question…
Read MoreTwo Insurers Nailed on Data Breaches
Just in time for Thanksgiving, regulators in New York have served up a double helping of cybersecurity enforcement, against two large insurance firms that repeatedly failed to remediate known weaknesses in their IT systems that left customers’ personal data vulnerable to thieves. The New York attorney general and the Department of Financial Services announced their…
Read MoreBold FTC Action Against Drizly
Fascinating enforcement action from the Federal Trade Commission this week, which brought charges of poor cybersecurity practices against an online liquor store and its CEO personally — who will need to abide by the terms of the consent order even if he leaves the company and takes another job elsewhere! The company is Drizly.com, which…
Read MoreNew York Fines Carnival $5M on Cyber Fails
Financial regulators in the state of New York just served up quite the example of cybersecurity enforcement, with a $5 million fine slapped against Carnival Corp. for failing to report several cybersecurity breaches in a timely manner and failing to implement required technical controls that would’ve reduced the odds of those attacks in the first…
Read More