News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By Kyle Brasseur2022-10-19T14:53:00
EyeMed Vision Care agreed to pay a penalty of $4.5 million as part of a settlement with the New York State Department of Financial Services (NYDFS) for cybersecurity control failures that helped enable a 2020 data breach.
EyeMed did not have proper controls in place when a bad actor gained access to a shared email inbox containing more than six years’ worth of personal information from customers, including minors, the NYDFS alleged. As a result, the company violated the regulator’s cybersecurity regulations, including through its attestations that it was in compliance with the requirements.
“It is critically important that consumers’ non-public information is kept safe from potential criminal activity,” said NYDFS Superintendent Adrienne Harris in a press release Tuesday. “… This settlement demonstrates DFS’s ongoing commitment to protecting consumers while ensuring the safety and soundness of financial institutions from cyber threats.”
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
2023-05-25T17:16:00Z By Adrianne Appel
Mortgage servicer OneMain Financial Group will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.
2022-08-02T18:27:00Z By Aaron Nicodemus
Robinhood Crypto agreed to pay a $30 million fine to the New York State Department of Financial Services for “significant failures” in its Bank Secrecy Act/anti-money laundering and cybersecurity compliance programs.
2022-06-27T16:18:00Z By Jeff Dale
The New York State Department of Financial Services announced a $5 million penalty against Carnival Corp. for “significant” cybersecurity failures, including not implementing basic protocols to prevent four separate data breaches from 2019-21.
2024-10-22T21:18:00Z By Adrianne Appel
Precision Toxicology has agreed to pay $27 million to settle allegations first brought by whistleblowers in three cases, that the company billed the federal government for unnecessary drug tests and paid kickbacks to doctors, the Department of Justice (DOJ) said.
2024-10-22T16:08:00Z By Aaron Nicodemus
Fund management company WisdomTree will pay $4 million to settle allegations by the Securities and Exchange Commission that it improperly invested in fossil fuel and tobacco companies in environmental, social and governance (ESG) funds despite promising to avoid them.
2024-10-18T18:10:00Z By Adrianne Appel
A Vietnamese alcohol company has agreed to pay $860,000 to settle allegations by the Office of Foreign Assets Control (OFAC) that its business with North Korea involved U.S. financial institutions.
Site powered by Webvision Cloud