- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Kyle Brasseur2022-10-19T14:53:00
EyeMed Vision Care agreed to pay a penalty of $4.5 million as part of a settlement with the New York State Department of Financial Services (NYDFS) for cybersecurity control failures that helped enable a 2020 data breach.
EyeMed did not have proper controls in place when a bad actor gained access to a shared email inbox containing more than six years’ worth of personal information from customers, including minors, the NYDFS alleged. As a result, the company violated the regulator’s cybersecurity regulations, including through its attestations that it was in compliance with the requirements.
“It is critically important that consumers’ non-public information is kept safe from potential criminal activity,” said NYDFS Superintendent Adrienne Harris in a press release Tuesday. “… This settlement demonstrates DFS’s ongoing commitment to protecting consumers while ensuring the safety and soundness of financial institutions from cyber threats.”
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
Mortgage servicer OneMain Financial Group will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.
Robinhood Crypto agreed to pay a $30 million fine to the New York State Department of Financial Services for “significant failures” in its Bank Secrecy Act/anti-money laundering and cybersecurity compliance programs.
The New York State Department of Financial Services announced a $5 million penalty against Carnival Corp. for “significant” cybersecurity failures, including not implementing basic protocols to prevent four separate data breaches from 2019-21.
RTX Corp., the parent company of Raytheon, disclosed in a public filing it has reserved $1.24 billion to resolve legacy legal matters with the Department of Justice, Securities and Exchange Commission, and Department of State.
The U.K. Financial Conduct Authority issued a fine of $4.5 million (3.5 million pounds) against a U.K.-based subsidiary of crypto platform Coinbase for providing services to high-risk customers in violation of FCA rules.
Admera Health agreed to pay more than $5.5 million to resolve allegations first brought by two whistleblowers that it paid kickbacks to third-party contractors, the Department of Justice said.
