Skip to main content
Skip to navigation

Regulatory Enforcement

OneMain Financial fined $4.25M in NYDFS cybersecurity case

By Adrianne Appel2023-05-25T17:16:00

OneMain Financial

A mortgage servicer will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.

OneMain Financial Group did not comply with requirements mandated by New York’s 2017 Cybersecurity Regulation, the New York State Department of Financial Services (NYDFS) stated in a consent order agreed to with the company and signed off on Wednesday.

OneMain had written policies for conducting due diligence related to third parties, as required by the regulation, but did not follow them, the NYDFS said. One outcome of this failure was that from December 2017 through January 2018, a vendor that processed debit card payments for OneMain inadvertently gave some customers access to other customers’ personal data, the NYDFS alleged.

THIS IS MEMBERS-ONLY CONTENT

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
First American fined $1M by NYDFS over 2019 cybersecurity breach

2023-11-29T19:05:00Z By Adrianne Appel

First American Title Insurance Company agreed to pay a $1 million fine and implement stronger compliance measures for not securing customers’ personal data, the New York State Department of Financial Services announced.
News Brief
Amended N.Y. cyber regs up pressure on financial firms to combat risks

2023-11-03T10:03:00Z By Adrianne Appel

New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.
News Brief
Metropolitan Commercial Bank fined $30M for third-party oversight failings

2023-10-20T20:00:00Z By Kyle Brasseur

New York-based Metropolitan Commercial Bank was assessed nearly $30 million in penalties by federal and state banking regulators for failing to properly oversee a third-party program manager whose prepaid cards were a popular target of fraud during the Covid-19 pandemic.

More from Regulatory Enforcement

News Brief
FinCEN flags $9 billion in Iranian shadow-banking activity, citing SARs filings from U.S. banks

2025-11-05T18:35:00Z By Oscar Gonzalez

Approximately $9 billion of potential shadow-banking flows tied to Iranian networks in 2024, according to a new analysis from FinCEN. The report highlights how illicit funds are making their way through financial institutions as they meet the requirements of the Bank Secrecy Act (BSA).
News Brief
CFPB ends probe into Meta’s financial advertising practices

2025-10-31T18:52:00Z By Oscar Gonzalez

Meta says it is no longer under investigation by the U.S. Consumer Financial Protection Bureau (CFPB), the latest instance of the agency scaling back enforcement under President Donald Trump.
News Brief
Texas sues Johnson & Johnson, Kenvue over alleged misleading marketing of Tylenol

2025-10-30T19:59:00Z By Oscar Gonzalez

Texas Attorney General Ken Paxton sued two pharmaceutical companies for ”deceptively marketing Tylenol to pregnant mothers” despite risks linked to autism. The filing came two days before HHS Secretary Robert F. Kennedy Jr. appeared to walk back the claims.