Following a phishing scam that compromised an employee email account, the company failed to conduct an adequate investigation (i.e., to determine whether the mailbox contained private consumer data at the time of the compromise) and failed to notify impacted customers and the Superintendent of Financial Services of the breach (the breach was reported 18 months later, following a regulatory exam by the DFS). The company must implement an incident response plan and conduct a risk assessment of its information systems.