NYDFS—First Enforcement Action Under New York’s Cybersecurity Regulation

NYDFS—First Enforcement Action Under New York’s Cybersecurity Regulation

Why This Privacy Law is Important:

According to New York State Department of Financial Services Statement of Charges and Notice of Hearing (the “Statement”), First American Title Insurance maintained a database with tens of millions of documents that included sensitive personal information, such as Social Security numbers, bank account information and mortgage and tax records. The organization also maintained a web-based title document delivery application that allowed certain individuals to access and share documents from the database with outside parties. As a result of a 2014 software update, First American Title Insurance created a vulnerability in the document delivery application that led to the exposure of more than 850 million documents, which contained sensitive information,, including financial information of consumers.

Overview:

On July 21, 2020, the New York Department of Financial Services (NYDFS) announced that it had filed its first enforcement action under 23 NYCRR 500 (the “Cybersecurity Regulation”) against First American Title Insurance (the “Company”), a large title insurance provider.

    Download the Privacy Alert to the right to get the full text and expert analysis!

    Download the Resource