insurance finance news First Charges Filed Under New York's Cyber Reg Involve First American Data Leak financial insurance news
Breaking-Finance.Com - The New York State Department of Financial Services (DFS) has filed cybersecurity charges against a title insurance provider for exposing millions of
Breaking-Finance.Com - The New York State Department of Financial Services (DFS) has filed cybersecurity charges against a title insurance provider for exposing millions of documents containing consumers’ personal information. The charges are the first to be filed under DFS’ cybersecurity regulation, Part 500 of Title 23 of the New York Codes, Rules, and Regulations, which went into effect in March 2017 and was implemented under a phased two-year timeline. The regulation aims to protect New York’s financial services industry from the threat of a cyber attack and is the first cybersecurity regulation of its kind in the U.S. It has since served as a model for other regulators, including the U.S. Federal Trade Commission, multiple states and the National Association of Insurance Commissioners. “In public comments, Superintendent Linda A.
. “The Superintendent has emphasized the DFS cybersecurity regulation will be enforced.”
Indeed, in its first enforcement action under the cybersecurity reg, DFS alleges that First American Title Insurance Company exposed hundreds of millions of documents, millions of which contained consumers’ sensitive personal information including bank account numbers, mortgage and tax records, Social Security numbers, wire transaction receipts and drivers’ license images.
First American is a licensee authorized to write title insurance in New York. In 2019, it wrote more than 50,000 policies in New York state, according to a DFS press release announcing the charges. As a result, First American is considered a covered entity subject to the requirements of New York’s cyber regulation.
DFS’ notice of charges against First American states that from at least October 2014 through May 2019, a known vulnerability on First American’s public-facing website made customers’ personal data available to anyone with a web browser.
This comes after the vulnerability was first introduced in May 2014 during a software update for EaglePro, the web-based title document delivery system that First American created and maintains on its network. The system allows title agents and other First American employees to share any document in its main document repository, known as FAST, with outside parties.
Source = Breaking-Finance.ComFinancial breaking news