NYDFS Penalizes Mortgage Company For Not Disclosing 2019 Breach

Kim Phan of Ballard Spahr writes:

On March 3^rd, the New York Department of Financial Services (“NYDFS”) announced a settlement with Residential Mortgage Services, Inc. (“RMS”) to resolve allegations that RMS violated the NYDFS Cybersecurity Regulation relating to a 2019 cyber breach.

In July 2020, NYDFS conducted an examination of RMS as a licensed mortgage banker. During the examination, NYDFS uncovered evidence that allegedly revealed that RMS had been subject to a cyber breach that had not been reported to NYDFS.

Read more on JDSupra.

Related: The NYDFS press release about this enforcement action is available here. A copy of the NYDFS consent order is available here.

"Louvre" as a password, outdated software, impossible updates… Ten years of IT security breaches at the world's leading museum
Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says
Canadian woman stuck since 2021 in Mauritius after passport withheld
‘People have had to move house’: Inside the British Library, two years on from devastating cyber attack
Two years after an audit highlighted significant concerns, North Salem Central School District leaves sensitive student data at risk
University of Pennsylvania says it wasn't hacked after a vulgar email was sent to campus community. They were wrong (1)