By Adrianne Appel2023-05-25T17:16:00
A mortgage servicer will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.
OneMain Financial Group did not comply with requirements mandated by New York’s 2017 Cybersecurity Regulation, the New York State Department of Financial Services (NYDFS) stated in a consent order agreed to with the company and signed off on Wednesday.
OneMain had written policies for conducting due diligence related to third parties, as required by the regulation, but did not follow them, the NYDFS said. One outcome of this failure was that from December 2017 through January 2018, a vendor that processed debit card payments for OneMain inadvertently gave some customers access to other customers’ personal data, the NYDFS alleged.
2023-11-29T19:05:00Z By Adrianne Appel
First American Title Insurance Company agreed to pay a $1 million fine and implement stronger compliance measures for not securing customers’ personal data, the New York State Department of Financial Services announced.
2023-11-03T10:03:00Z By Adrianne Appel
New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.
2023-10-20T20:00:00Z By Kyle Brasseur
New York-based Metropolitan Commercial Bank was assessed nearly $30 million in penalties by federal and state banking regulators for failing to properly oversee a third-party program manager whose prepaid cards were a popular target of fraud during the Covid-19 pandemic.
2025-10-08T18:28:00Z By Adrianne Appel
Charlie Javice, a former CEO who duped JPMorgan Chase into purchasing her start up company for $175 million, has been ordered to forfeit more than $22 million by the Department of Justice (DOJ) and to spend 7 years in jail.
2025-10-07T16:08:00Z By Adrianne Appel
Georgia Tech Research Corp. (GTRC) has agreed to pay $875,000 to settle allegations first raised by two compliance officers that its cybersecurity protocols violated acceptable standards for defense contractors, the Department of Justice (DOJ) said.
2025-10-06T17:12:00Z By Adrianne Appel
Tractor Supply Company has agreed to get into compliance with California’s consumer privacy law and to pay a $1.35 million fine—the largest yet by California—to settle allegations it violated the privacy rights of customers and job applicants.
Site powered by Webvision Cloud