News & Analysis as of

Cybersecurity Data Security Financial Institutions

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +
Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now.   less -
Blake, Cassels & Graydon LLP

Nouveau cadre relatif aux incidents de sécurité de l’information à l’intention des institutions financières québécoises

Blake, Cassels & Graydon LLP on

Le 23 avril 2025, le Règlement sur la gestion et le signalement des incidents de sécurité de l’information de certaines institutions financières et des agents d’évaluation du crédit (le « Règlement ») est entré en vigueur au...more

Orrick, Herrington & Sutcliffe LLP

OIG makes seven recommendations for CFPB following major incident

Orrick, Herrington & Sutcliffe LLP on

On May 5, the OIG for the Fed authored a report with several recommendations for the CFPB following a major security incident regarding confidential supervisory information (CSI). The OIG issued four findings with seven...more

Eversheds Sutherland (US) LLP

Preparing for Regulation S-P and takeaways from the SEC’s session at the Incident Response Forum Masterclass 2025

Eversheds Sutherland (US) LLP on

On April 22, 2025, Laura D’Allaird, Chief of the SEC’s Cyber and Emerging Technologies Unit (CETU), participated in the Incident Response Forum Masterclass 2025 (Incident Response Masterclass). In the session, titled “SEC...more

Hogan Lovells

NYDFS: Penultimate set of cybersecurity requirements under amended Part 500 take effect May 1, 2025

Hogan Lovells on

On May 1, 2025, additional cybersecurity requirements introduced by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) took...more

A&O Shearman

FSB publishes finalised format for FIRE framework

A&O Shearman on

The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more

Alston & Bird

2025 State Cybersecurity Legislation Focuses on Financial Services

Alston & Bird on

Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the...more

Orrick, Herrington & Sutcliffe LLP

OCC provides an update on its security breach given institutional risk

Orrick, Herrington & Sutcliffe LLP on

On April 14, the OCC released a letter providing more details on the recent security breach involving its email systems. The breach — identified as a major incident under the Federal Information Security Modernization Act...more

Blake, Cassels & Graydon LLP

New Information Security Incident Framework for Quebec Financial Institutions

Blake, Cassels & Graydon LLP on

On April 23, 2025, Quebec’s Regulation respecting the management and reporting of information security incidents by certain financial institutions and by credit assessment agents (Regulation) will come into force. Issued by...more

Orrick, Herrington & Sutcliffe LLP

OCC announces major information security incident

Orrick, Herrington & Sutcliffe LLP on

On April 8, the OCC announced it had notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act. The incident involved unauthorized access to emails and their...more

Troutman Pepper Locke

OCC Notifies Congress of Major Email System Security Breach

Troutman Pepper Locke on

On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more

Quarles & Brady LLP

New York Cybersecurity Regulation Requires Submission of Compliance Certification or Acknowledgement of Noncompliance Next Week

Quarles & Brady LLP on

On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more

Quarles & Brady LLP

Warning! ChatGPT Exploit Used by Threat Actors in Cyber Attacks

Quarles & Brady LLP on

Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more

Ogletree, Deakins, Nash, Smoak & Stewart,...

Reminder: New York Cybersecurity Reporting Deadline April 15, 2025; New Regulations Effective May 1, 2025

Ogletree, Deakins, Nash, Smoak & Stewart,... on

Covered entities regulated by the New York State Department of Financial Services (NYDFS) must submit cybersecurity compliance forms by April 15, 2025. New sets of requirements for system monitoring and access privileges,...more

A&O Shearman

ESAs roadmap for designation of critical ICT third-party service providers under DORA

A&O Shearman on

The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more

Constangy, Brooks, Smith & Prophete, LLP

Cryptocurrency hacks and thefts: Insecure exchanges?

Constangy, Brooks, Smith & Prophete, LLP on

Cryptocurrency exchanges continue to be a target of hackers – and theft is the prize. On February 21, the cryptocurrency exchange Bybit reported that an Ethereum transaction was transferred to an unidentified address,...more

Harris Beach Murtha PLLC

May 1 Deadline for Amendments to NY Department of Financial Services Cybersecurity Standard

Harris Beach Murtha PLLC on

New York State’s Department of Financial Services is warning all regulated entities has released a Cybersecurity Regulation Updates and Reminder warning all companies that all regulated entities without a full exception that...more

A&O Shearman

European Central Bank updates TIBER-EU framework to align with DORA RTS on TLPT

A&O Shearman on

The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more

A&O Shearman

European Banking Authority publishes amending guidelines on ICT and security risk management in the context of DORA

A&O Shearman on

The European Banking Authority (EBA) has published a final report with amending guidelines in respect of Guidelines EBA/GL/2019/04 on ICT and security risk management. The EBA reviewed the Guidelines in light of the Digital...more

Husch Blackwell LLP

New York Amends its Data Breach Notification Law

Husch Blackwell LLP on

Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more

A&O Shearman

European Commission adopts Delegated Regulation on RTS on threat-led penetration testing under DORA

A&O Shearman on

The European Commission (EC) has adopted a Commission Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to RTS specifying the criteria used for identifying financial entities...more

Orrick, Herrington & Sutcliffe LLP

CFPB’s union raises concerns over security and alleged misuse of sensitive information

Orrick, Herrington & Sutcliffe LLP on

On February 7, the union representing CFPB employees published a notice expressing concerns regarding the recent addition of certain DOGE employees to the CFPB’s email directory and their presence in offices. ...more

Orrick, Herrington & Sutcliffe LLP

Cyber Threats in Public Finance: Protecting Transactions from Wire Fraud

Orrick, Herrington & Sutcliffe LLP on

A recent cyberattack on a Michigan township has exposed weaknesses in the bond-closing process. In this incident, hackers stole over $25 million in bond proceeds by using spoofed email addresses to provide fraudulent wire...more

Morgan Lewis - Tech & Sourcing

DORA European Commission Clarifies Scope of ICT Services

Morgan Lewis - Tech & Sourcing on

European regulators recently published clarifications on the scope of ICT services under the EU Digital Operational Resilience Act (DORA), prepared by the European Commission, which confirms previous guidance and enables...more

McDermott Will & Emery

Data Privacy and Cybersecurity in 2025: PCI DSS 4.0

McDermott Will & Emery on

Following our recent client alert, learn more about PCI DSS 4.0 coming into effect and its impact on organizations in 2025. Mark Schreiber, Brian Long, and Sam Genovese share further insights from working with clients on...more

Cadwalader, Wickersham & Taft LLP

DORA Now in Force in the EU

Cadwalader, Wickersham & Taft LLP on

Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (“DORA”), which establishes a uniform set of requirements relating to the security of network and information systems supporting financial...more

197 Results
 / 
View per page
Page: of 8
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide