NY Department of Financial Services Settles with Mortgage Lender over Data Breach

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC

The New York Department of Financial Services (DFS) recently entered a settlement for $1.5 million with a Maine based mortgage lender over allegations that the company failed to comply with the state’s cybersecurity rules.

During a routine examination of the company’s cybersecurity systems, the DFS found that the company did not adequately disclose a data breach stemming from a phishing attack that captured the company’s consumer information.  The New York cybersecurity rule requires that entities licensed with the DFS must report “cybersecurity events” within 72 hours of their occurrences.  The company was well outside of the allotted time to report to DFS because the examination of the company uncovered the cybersecurity event 18 months after it happened.

Additionally, the routine examination exposed that the company did not have a comprehensive cybersecurity risk assessment, which the state’s cybersecurity rule requires.  The DFS requires comprehensive risk assessments to ensure that companies keep a watchful eye over their consumer’s nonpublic information.

The consent order requires the company to make certain cybersecurity improvements to comply with state regulations.  The company identified the customers whose data was potentially accessed and offered them a credit monitoring and identity theft package for a period of time.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.