Skip to main content
Skip to navigation

Regulatory Enforcement

OneMain Financial fined $4.25M in NYDFS cybersecurity case

By Adrianne Appel2023-05-25T17:16:00

OneMain Financial

A mortgage servicer will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.

OneMain Financial Group did not comply with requirements mandated by New York’s 2017 Cybersecurity Regulation, the New York State Department of Financial Services (NYDFS) stated in a consent order agreed to with the company and signed off on Wednesday.

OneMain had written policies for conducting due diligence related to third parties, as required by the regulation, but did not follow them, the NYDFS said. One outcome of this failure was that from December 2017 through January 2018, a vendor that processed debit card payments for OneMain inadvertently gave some customers access to other customers’ personal data, the NYDFS alleged.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
First American fined $1M by NYDFS over 2019 cybersecurity breach

2023-11-29T19:05:00Z By Adrianne Appel

First American Title Insurance Company agreed to pay a $1 million fine and implement stronger compliance measures for not securing customers’ personal data, the New York State Department of Financial Services announced.
News Brief
Amended N.Y. cyber regs up pressure on financial firms to combat risks

2023-11-03T10:03:00Z By Adrianne Appel

New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.
News Brief
Metropolitan Commercial Bank fined $30M for third-party oversight failings

2023-10-20T20:00:00Z By Kyle Brasseur

New York-based Metropolitan Commercial Bank was assessed nearly $30 million in penalties by federal and state banking regulators for failing to properly oversee a third-party program manager whose prepaid cards were a popular target of fraud during the Covid-19 pandemic.

More from Regulatory Enforcement

Article
Teledyne fined $1.5M for supplying obsolete parts to Navy

2026-01-06T17:38:00Z By Adrianne Appel

Teledyne will pay more than $1.5 million to settle allegations it supplied electronic parts to the Navy that deviated from specifications, a violation of the False Claims Act (FCA). But its cooperation with prosecutors earned it a credit, according to the U.S. Department of Justice (DOJ).
Article
Tungston rod importer pays $54.4M to settle DOJ tariff fraud allegations

2026-01-05T21:47:00Z By Adrianne Appel

An industrial products distributor has agreed to pay $54.4 million to settle allegations, first made by a whistleblower, that it evaded tariffs and violated the federal False Claims Act.
Article
Tariff evasion enforcement: The new FCPA

2025-12-24T16:46:00Z By Jaclyn Jaeger

Companies that import goods into the United States will face heightened enforcement scrutiny for attempted acts of customs fraud, including tariff evasion, under the Trump administration. Thus, chief compliance officers and in-house counsel face a new kind of pressure to ensure they are mitigating risk in this area.