New York Department of Financial Services Settles With Mortgage Lender For Data Breach Weiner Brodsky Kider PC
The New York Department of Financial Services (DFS) recently concluded a regulation for $ 1.5 million from a Maine-based mortgage lender over allegations the company failed to comply with state cybersecurity rules.
During a routine review of the company’s cybersecurity systems, the DFS found that the company failed to adequately disclose a data breach resulting from a phishing attack that captured consumer information. of the company. New York’s cybersecurity rule requires that entities approved by the DFS must declare “cybersecurity events»Within 72 hours of onset. The company was well outside of the deadline to report to DFS as the company’s review revealed the cybersecurity event 18 months after it occurred.
Additionally, the routine review found that the company did not have a comprehensive cybersecurity risk assessment, which the state’s cybersecurity rule requires. The DFS requires comprehensive risk assessments to ensure that businesses keep a watchful eye on their consumers’ non-public information.
The consent order requires the company to make certain cybersecurity improvements to comply with state regulations. The company identified customers whose data was potentially accessed and offered them a credit monitoring and identity theft package for a period of time.