Hunton Andrews Kurth writes:
On February 16, 2021, the New York Department of Financial Services (“NYDFS”) issued a Cyber Fraud Alert (the “Alert”) to regulated entities in light of a growing campaign to steal Nonpublic Information (“NPI”), as defined under New York law, from public-facing websites that provide instant quotes for products like auto insurance (“Instant Quote Websites”). The NYDFS learned of the threat after receiving reports from auto insurers that cybercriminals were targeting their premium quote sites to steal driver’s license numbers. NYDFS attributes the growing threat activity, in part, to heightened fraud during the COVID-19 pandemic. As we previously reported, NYDFS issued guidance regarding cybersecurity during the pandemic in April 2020.
The Alert (1) calls for all regulated entities with public-facing websites to immediately remediate any security flaws; (2) reminds regulated entities to report Cybersecurity Events as promptly as possible and within 72 hours at the latest pursuant to New York cybersecurity requirements for financial services companies; and (3) asks that attempted thefts of NPI from public-facing sites promptly be reported to NYDFS.
Read more on Privacy & Information Security Law Blog.