
New York Files First DFS Cyber Suit

New York State is enforcing its 2017 Cybersecurity law for financial services companies. And it looks expensive.

New York's DFS Cybersecurity Rules Get Their Bite

Financial regulators in New York are set to levy the first fines under their 2017 DFS cybersecurity rules (aka Division of Financial Services, Rule 23 NYCRR 500).

First American Title Insurance Co. is the regulator's new poster child, after a breach became public last year. This comes right on the heels of a recent SEC alert on Ransomware.

First American, based in California (not New York), is a giant in real estate title insurance. Title insurance protects your real estate ownership. It's a critical piece of a robust real estate market.

The regulator said it considers each instance of exposed personal information a separate violation, attracting a penalty of $1,000 each.

Notice that New York doesn't care that First American is based in California. Under DFS cybersecurity rules, any financial services firm doing business in NY must comply.

Cybercriminals love targeting financial services firms. They get creative with it too, like when hackers posed as FINRA officials.

The NY State DFS alleged that First American exposed hundreds of millions of documents containing sensitive information.

Let's do some quick math:
A million files times a thousand dollars each is a billion dollars!
There were hundreds of millions of sensitive documents compromised. Each record carries a fine of $1,000. This quickly gets into the billions of dollars in fines - HUGE!

New York is not messing around. This is the first shot, and they just might make it an example for others.

Important Note: New York's DFS specifically mandates Security Awareness Training at financial services organizations!

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) team here!

Original WSJ article
[https://www.wsj.com/articles/new-york-regulator-charges-first-american-over-2019-data-breach-11595423988]
New York's DFS Cybersecurity Requirements for Financial Services Companies
[https://www.dfs.ny.gov/docs/legal/regulations/adoptions/dfsrf500txt.pdf]

Joel Cahill

Cyber security enthusiast. Entrepreneur.