Category Archives: New York State Department of Financial Services

First American Financial Pays Farcical $500K Fine

Posted on by

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back more than 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000. Continue reading First American Financial Pays Farcical $500K Fine

SEC settles with First American over massive data leak for nearly $500,000

Posted on by

The Securities and Exchange Commission announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images. Under the terms of the deal, the heavyweight real estate title insurance company will pay a $487,616 fine. The SEC had charged the company with inadequately disclosing the cybersecurity vulnerability that exposed the information. The digitized records included things like Social Security numbers and bank account statements. First American first made public statements about the vulnerability in May 2019 but the company’s information security personnel had first spotted it in January, and according to the SEC they didn’t fix it and failed to notify company brass. “As a result of First American’s deficient disclosure controls, senior management was completely unaware of this vulnerability and the company’s failure to remediate it,” said Kristina Littman, chief of the SEC Enforcement […]

The post SEC settles with First American over massive data leak for nearly $500,000 appeared first on CyberScoop.

Continue reading SEC settles with First American over massive data leak for nearly $500,000

A New York special: NYDFS cybersecurity regulation (23 NYCRR 500)

Posted on by

23 NYCRR 500, also known as NYDFS Cybersecurity Regulation, is a law issued by the New York State Department of Financial Services (NYDFS) that mandates the enforcement of optimal data security standards to safeguard websites and apps. 23 NYCRR 500 […]… Continue reading A New York special: NYDFS cybersecurity regulation (23 NYCRR 500)

Insurer’s huge data exposure draws charges from New York state

Posted on by

New York regulators have charged an insurer with violating state cybersecurity law for allegedly exposing hundreds of millions of documents that included Americans’ personal data, including Social Security numbers and financial information. The New York State Department of Financial Services announced legal action Wednesday against the First American Title Insurance Company, the second-largest real estate title insurer in the U.S. The company is accused of exposing customers’ Social Security numbers, bank account information, driver’s license numbers and mortgage and tax records through a software vulnerability that went undetected between May 2014 and December 2018. Upon discovering the flaw during a routine security test, the insurance company failed to fix it, DFS alleged. “After the data exposure was discovered by an internal penetration test in December 2018, First American failed to conduct a reasonable investigation into the scope and cause of the exposure, reviewing only 10 of the millions of documents exposed and […]

The post Insurer’s huge data exposure draws charges from New York state appeared first on CyberScoop.

Continue reading Insurer’s huge data exposure draws charges from New York state

NY Charges First American Financial for Massive Data Leak

Posted on by

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. Continue reading NY Charges First American Financial for Massive Data Leak

What is NYDFS?

Posted on by

NYDFS Cybersecurity Regulation, 23 NYCRR 500  On March 1, 2017, the New York State Department of Financial Services (NYDFS) introduced new cybersecurity regulations for financial services companies that address the growing threat posed by cyber-cr… Continue reading What is NYDFS?