The world’s largest cruise operator Carnival detected a data hijacking cyberattack, ransomware, which could have accessed unauthorized personal data of customers and employees. The computer attack encrypted part of the information technology systems and also downloaded some company data files, according to Carnival.
As more and more companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared…
CNA Financial, a Chicago-based provider of cyber insurance, confirmed a cyberattack against its systems, which has some concerned that cybercriminals may target policyholders. If the investigation of the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable devastating further incidents that hackers could use as leverage in extortion attempts.…
Personal information in the United States is currently protected by a patchwork of industry-specific federal laws and state legislation whose scope and jurisdiction vary. The challenge of compliance for organizations that conduct business across all 50 states is therefore considerable. Even though many countries have laws that mandate data breach notification, data breach notifications are…
The New York State Department of Financial Services has released new guidance presenting some key practices for New York-regulated insurers that write cyber insurance. Background The 2020 Internet Crime Report issued by the FBI’s Internet Crime Complaint Center includes information from 791,790 complaints of suspected internet crime—an increase of a whopping 69.4% from 2019—and reported…
Hackers are exploiting vulnerabilities in Exchange email servers to drop ransomware, Microsoft has warned, a move that puts tens of thousands of email servers at risk of destructive attacks. NYDFS Letter To Regulated Entities On March 9th The NYDFS released an industry letter to all regulated entities regarding the Microsoft Reports Exploitation of Four Vulnerabilities…
The New York State Department of Financial Services (NYDFS) announced on March 3rd that Residential Mortgage Services, Inc. (RMS) will pay a $1.5 million penalty to New York State for violations of the Cybersecurity Regulation, Part 500 of Title 23 (NYCRR 500 23) of the New York Codes, Rules, and Regulations. “It is of paramount…
A few days ago, the Department of Financial Services (DFS) looked at an unusual pattern of interaction with multiple insurance websites and concluded that cybercriminals were exploiting data obtained from those website interactions to commit fraud. Website operators of all types should take note of the DFS’ warning and consider whether their websites may also…
What is NYDFS cybersecurity regulation? The New York Department of Financial Services (NYDFS) is the department that regulates certain covered entities and licensed persons in the financial services sector doing business in New York. This department has established a set of regulations called “The NYDFS cybersecurity regulation (23NYCRR 500) that demands some cybersecurity requirements on…
Although some limited exemptions apply, let’s be clear: Any entity regulated by New York’s Department of Financial Services (DFS) must comply with at least parts of 23 NYCRR 500. Small business? You still need to follow many sections of the law. Headquartered elsewhere? If you do business in New York, the law applies to your…
