Insurer’s huge data exposure draws charges from New York state

New York regulators have charged an insurer with violating state cybersecurity law for allegedly exposing hundreds of millions of documents that included Americans’ personal data, including Social Security numbers and financial information. The New York State Department of Financial Services announced legal action Wednesday against the First American Title Insurance Company, the second-largest real estate title insurer in the U.S. The company is accused of exposing customers’ Social Security numbers, bank account information, driver’s license numbers and mortgage and tax records through a software vulnerability that went undetected between May 2014 and December 2018. Upon discovering the flaw during a routine security test, the insurance company failed to fix it, DFS alleged. “After the data exposure was discovered by an internal penetration test in December 2018, First American failed to conduct a reasonable investigation into the scope and cause of the exposure, reviewing only 10 of the millions of documents exposed and […]

The post Insurer’s huge data exposure draws charges from New York state appeared first on CyberScoop.


Facebook asks to be regulated kinda like a newspaper, kinda like telco

Zuckerberg is in Brussels right in time for the European Commission’s release of its manifesto on regulating AI.

UK Warns Insurers About Cyber Risks

Do you have cyber risk insurance? Are you sure? If the answer to that question is uncertain (and it should be uncertain), then there’s a huge, uncalculated risk. Not just to you, but to your insurance company. The UK’s main insurance regulator, the Ba…

Policy and Procedures – Security Compliance

All organizations have policies and procedures on how particular tasks and goals are established within the organization. The issue here is many of these are either word of mouth or haven’t been written down. This leads to having subjective polic…

Facebook fined $11m for misleading users about how data will be used

They said Facebook emphasizes the service being free, not that it’s making big bucks off users’ data. They ordered the company to apologize.

Insurance regulators pitched on FICO-style score for cybersecurity

In the fast-growing cybersecurity insurance market, underwriters face a uniquely complex problem — measuring or estimating the risk their policy-holders face from cybercrooks, online spies and other hackers. The insurance industry “doesn’t have … a set of baseline tools or metrics … to quantify their customers’ risks,” Anand Paturi, vice president of security research and engineering at RiskSense told CyberScoop. In life insurance for instance, depending on the value of the policy, risk might be measured by reference to actuarial tables which predict life expectancy, or by a medical examination measuring a wide range of physical risk factors. “That [risk] data is how you set the price of the policy,” he explained. But, in a presentation Monday to the National Association of Insurance Commissioners 2017 National Meeting, Paturi argued that the question is much more complicated in cybersecurity. He gave as an example the potentially massive losses from the WannaCry and Petya outbreaks earlier this year. In […]

The post Insurance regulators pitched on FICO-style score for cybersecurity appeared first on Cyberscoop.
