OneMain Financial fined $4.25M in NYDFS cybersecurity case
By 
Adrianne Appel2023-05-25T17:16:00
A mortgage servicer will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.
OneMain Financial Group did not comply with requirements mandated by New York’s 2017 Cybersecurity Regulation, the New York State Department of Financial Services (NYDFS) stated in a consent order agreed to with the company and signed off on Wednesday.
OneMain had written policies for conducting due diligence related to third parties, as required by the regulation, but did not follow them, the NYDFS said. One outcome of this failure was that from December 2017 through January 2018, a vendor that processed debit card payments for OneMain inadvertently gave some customers access to other customers’ personal data, the NYDFS alleged.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefFirst American fined $1M by NYDFS over 2019 cybersecurity breach
First American Title Insurance Company agreed to pay a $1 million fine and implement stronger compliance measures for not securing customers’ personal data, the New York State Department of Financial Services announced.
-
News BriefAmended N.Y. cyber regs up pressure on financial firms to combat risks
New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.
-
News BriefMetropolitan Commercial Bank fined $30M for third-party oversight failings
New York-based Metropolitan Commercial Bank was assessed nearly $30 million in penalties by federal and state banking regulators for failing to properly oversee a third-party program manager whose prepaid cards were a popular target of fraud during the Covid-19 pandemic.
More from Regulatory Enforcement
-
News BriefFTC sues Uber over deceptive subscriptions, a rare move for consumers by Trump officials
The Federal Trade Commission (FTC) filed a lawsuit against Uber, alleging the ride-hailing company signed customers up for its Uber One subscription without consent, then made it hard for them to cancel. The move marks the U.S. government’s latest broadside against big tech companies, and the first major action from ...
-
News BriefCFPB pullback signals further shift toward industry-friendly regulation
The U.S. Consumer Financial Protection Bureau continues to unravel amid pressure from Trump administration officials to shutter the agency. Not only has the agency informed its employees that it will no longer be a watchdog for the financial services industry, it has also laid off employees despite court orders blocking ...
-
News BriefTrump’s CFPB, dismissing Comerica case, continues to cut down Biden-era lawsuits
The Consumer Financial Protection Bureau dropped yet another consumer protection lawsuit against a bank or fintech provider since Donald Trump was sworn in as president in January. This time, it was with Comerica Bank.