CNA Financial, a Chicago-based provider of cyber insurance, confirmed a cyberattack against its systems, which has some concerned that cybercriminals may target policyholders. If the investigation of the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable devastating further incidents that hackers could use as leverage in extortion attempts.…
Personal information in the United States is currently protected by a patchwork of industry-specific federal laws and state legislation whose scope and jurisdiction vary. The challenge of compliance for organizations that conduct business across all 50 states is therefore considerable. Even though many countries have laws that mandate data breach notification, data breach notifications are…
The New York State Department of Financial Services has released new guidance presenting some key practices for New York-regulated insurers that write cyber insurance. Background The 2020 Internet Crime Report issued by the FBI’s Internet Crime Complaint Center includes information from 791,790 complaints of suspected internet crime—an increase of a whopping 69.4% from 2019—and reported…
Hackers are exploiting vulnerabilities in Exchange email servers to drop ransomware, Microsoft has warned, a move that puts tens of thousands of email servers at risk of destructive attacks. NYDFS Letter To Regulated Entities On March 9th The NYDFS released an industry letter to all regulated entities regarding the Microsoft Reports Exploitation of Four Vulnerabilities…
A “hacktivist” breached a massive trove of security-camera data collected by Silicon Valley startup Verkada, gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Bloomberg reports the breach was carried out by a hacker with the goal of demonstrating the “pervasiveness of video surveillance and the ease…
All it takes is one infection, on one device to impact personal and corporate networks. It doesn’t matter if you have the most secure security system in the world. It takes only one untrained employee to be fooled by a phishing email and give away the data you’ve worked so hard to protect. Make sure…
The New York State Department of Financial Services (NYDFS) announced on March 3rd that Residential Mortgage Services, Inc. (RMS) will pay a $1.5 million penalty to New York State for violations of the Cybersecurity Regulation, Part 500 of Title 23 (NYCRR 500 23) of the New York Codes, Rules, and Regulations. “It is of paramount…
Researchers uncover 3 more malware strains linked to SolarWinds hackers. FireEye and Security researchers with the Microsoft Threat Intelligence Center (MSTIC) discovered 3 more malware strains in connection with the SolarWinds supply-chain attack, including a “sophisticated second-stage backdoor”. Microsoft and FireEye published blog posts showing several new pieces of malware that they believe are linked…
As Financial companies become more vulnerable, the risk of employees and contractors causing a data breach or ransomware attack is simultaneously increasing, but many agency principals still underestimate their cyber security risks. On March 1st, the Independent Insurance Agents & Brokers of America’s Agents Council for Technology (ACT), in conjunction with the Big “I” (Independent…
A few days ago, the Department of Financial Services (DFS) looked at an unusual pattern of interaction with multiple insurance websites and concluded that cybercriminals were exploiting data obtained from those website interactions to commit fraud. Website operators of all types should take note of the DFS’ warning and consider whether their websites may also…