- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2023-05-25T17:16:00
A mortgage servicer will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.
OneMain Financial Group did not comply with requirements mandated by New York’s 2017 Cybersecurity Regulation, the New York State Department of Financial Services (NYDFS) stated in a consent order agreed to with the company and signed off on Wednesday.
OneMain had written policies for conducting due diligence related to third parties, as required by the regulation, but did not follow them, the NYDFS said. One outcome of this failure was that from December 2017 through January 2018, a vendor that processed debit card payments for OneMain inadvertently gave some customers access to other customers’ personal data, the NYDFS alleged.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
First American Title Insurance Company agreed to pay a $1 million fine and implement stronger compliance measures for not securing customers’ personal data, the New York State Department of Financial Services announced.
New York will require financial institutions to conduct risk assessments more often and improve governance under a broad update to the state’s cybersecurity regulations.
New York-based Metropolitan Commercial Bank was assessed nearly $30 million in penalties by federal and state banking regulators for failing to properly oversee a third-party program manager whose prepaid cards were a popular target of fraud during the Covid-19 pandemic.
A bank examiner and senior manager at the Federal Reserve Bank of Richmond pled guilty to insider trading after allegedly misappropriating confidential information on seven banks to make profitable trades.
New York-based investment firm Drexel Hamilton will pay more than $1.1 million in penalties, with four current and former employees paying fines as well over committing hundreds of violations of rules regarding the sale of municipal bonds.
A publicly traded cryptocurrency mining company will pay $10 million and completely change its business model to one with “lower corruption risk” as part of a settlement over violations of the Foreign Corrupt Practices Act (FCPA), two regulators announced.
