Six compliance lessons from NYDFS' first cybersecurity regulation enforcement action

Three years after New York’s expansive Cybersecurity Regulation went into effect, the state's Department of Financial Services (DFS) has brought its first enforcement action, charging First American Title Insurance Co. for its handling of a vulnerability that allowed easy access to over 65 million documents containing individuals' bank account and other sensitive non-public information.

The DFS alleges that the insurer violated its obligations to safeguard the data by failing to adequately assess the security risks around its trove of documents, then conducting "a preposterously minimal review" once it became aware of the problem.

Read More: Six compliance lessons from NYDFS' first cybersecurity regulation enforcement action


Download PDF Back To Listing
Loading data