NY DFS Fines Lender $1.5 Million for Failure to Report Security Event

Following a phishing scam that compromised an employee email account, the company failed to conduct an adequate investigation (i.e., to determine whether the mailbox contained private consumer data at the time of the compromise), and notify the breach to impacted customers and the Superintendent of Financial Services (the breach was notified 18 months later following a regulatory exam by the DFS); the company must implement an incident response plan and conduct a risk assessment of its information systems.

Total
0
Shares
Previous Post

Minnesota Re-Proposes Insurance Data Security Law

Next Post

Wisconsin Reintroduces Insurance Data Security Law

Related Posts
Total
0
Share