- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2023-05-25T17:16:00
A mortgage servicer will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.
OneMain Financial Group did not comply with requirements mandated by New York’s 2017 Cybersecurity Regulation, the New York State Department of Financial Services (NYDFS) stated in a consent order agreed to with the company and signed off on Wednesday.
OneMain had written policies for conducting due diligence related to third parties, as required by the regulation, but did not follow them, the NYDFS said. One outcome of this failure was that from December 2017 through January 2018, a vendor that processed debit card payments for OneMain inadvertently gave some customers access to other customers’ personal data, the NYDFS alleged.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
First American Title Insurance Company agreed to pay a $1 million fine and implement stronger compliance measures for not securing customers’ personal data, the New York State Department of Financial Services announced.
New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.
New York-based Metropolitan Commercial Bank was assessed nearly $30 million in penalties by federal and state banking regulators for failing to properly oversee a third-party program manager whose prepaid cards were a popular target of fraud during the Covid-19 pandemic.
RTX Corp., the parent company of Raytheon, disclosed in a public filing it has reserved $1.24 billion to resolve legacy legal matters with the Department of Justice, Securities and Exchange Commission, and Department of State.
The U.K. Financial Conduct Authority issued a fine of $4.5 million (3.5 million pounds) against a U.K.-based subsidiary of crypto platform Coinbase for providing services to high-risk customers in violation of FCA rules.
Admera Health agreed to pay more than $5.5 million to resolve allegations first brought by two whistleblowers that it paid kickbacks to third-party contractors, the Department of Justice said.
