• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

NYDFS

NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations

July 3, 2021 By Lance Taubin, Kate Hanniford and Kim Peretti

The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware or unauthorized access to privilege accounts to the NYDFS under its established […]

Filed Under: Cybersecurity, NYDFS Tagged With: Ransomware

New York and Illinois Regulators Recommend Third Party Cybersecurity Review For Specific Vulnerabilities

May 21, 2021 By James Harvey and Privacy, Cyber & Data Strategy Team

This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance.  In the Bulletin dated May 5, the Department encourages regulated entities to “assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact.” The […]

Filed Under: Cyber Risk, Cybercrime, Cybersecurity, Data Breach, Data Protection, Data Security, Digital Crimes, Enforcement, Financial Privacy, Insurance Data Security, NYDFS, Regulation, Security Breach, Supply Chain

NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses

April 29, 2021 By Kate Hanniford

Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by its regulated covered entities to the Attack.  Although there have been no reported instances of active exploitation of DFS-regulated companies […]

Filed Under: Cyber Espionage, NYDFS, Security Breach, Supply Chain Tagged With: Supply Chain, Third Party Risk

NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules

April 16, 2021 By Privacy, Cyber & Data Strategy Team

On April 14, 2021, the New York Department of Financial Services (“NYDFS”) announced a settlement with National Securities Corporation (“National Securities”), a licensed insurer, in connection with claims under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500). The consent order requires payment of a $3M penalty and mandatory remediation in response to alleged failures to […]

Filed Under: Cybersecurity, Data Breach, Data Protection, Data Security, Digital Crimes, Enforcement, Financial Privacy, Insurance Data Security, NYDFS, Regulation

NYDFS Reports Major Cybersecurity Settlement

March 11, 2021 By James Harvey and Privacy, Cyber & Data Strategy Team

In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity […]

Filed Under: Cyber Risk, Cybercrime, Cybersecurity, Data Breach, Data Breach Litigation, Data Protection, Data Security, Digital Crimes, Enforcement, Financial Privacy, NYDFS, Regulation, Security Breach

  • « Go to Previous Page
  • Page 1
  • Page 2
  • Page 3
  • Page 4
  • Go to Next Page »

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


RANSOMWARE FUSION CENTER
Click here to request access

THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases
  • UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack
  • NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict
  • Are You Ready For The Department Of Justice’s Bulk Data Transfer Rule?
  • Trump Administration Releases Cyber Executive Order Revealing Renewed Strategy for U.S. Cybersecurity
Copyright © 2025 · Alston & Bird · All Rights Reserved. Privacy.
This website uses cookies to improve functionality and performance. By continuing to browse this site, you are consenting to the use of cookies on this website. OkCookie policy