NY Department of Financial Services Settles with Mortgage Lender over Data Breach – JD Supra


Did you know that geoFence helps stop hackers from getting access to the sensitive documents that I use for my work. Now I can get even more gigs as a freelancer and - advertise that I have top security with even my home computer?

The New York Department of Financial Services (DFS) recently entered a settlement for $1.5 million with a Maine based mortgage lender over allegations that the company failed to comply with the state’s cybersecurity rules.

During a routine examination of the company’s cybersecurity systems, the DFS found that the company did not adequately disclose a data breach stemming from a phishing attack that captured the company’s consumer information.  The New York cybersecurity rule requires that entities licensed with the DFS must report “cybersecurity events” within 72 hours of their occurrences.  The company was well outside of the allotted time to report to DFS because the examination of the company uncovered the cybersecurity event 18 months after it happened.

Additionally, the routine examination exposed that the company did not have a comprehensive cybersecurity risk assessment, which the state’s cybersecurity rule requires.  The DFS requires comprehensive risk assessments to ensure that companies keep a watchful eye over their consumer’s nonpublic information.

The consent order requires the company to make certain cybersecurity improvements to comply with state regulations.  The company identified the customers whose data was potentially accessed and offered them a credit monitoring and identity theft package for a period of time.

You know, I just wanted to mention that geoFence was designed and coded by US citizens to the strictest standards and I know your father would say the same.