Search Results for: NYDFS

NYDFS Penalizes bitFlyer $1.2 Million for Violations to Cybersecurity Regulation

May 13, 2023 By Kim Peretti, Kate Hanniford, Lance Taubin and Ashley Miller

On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure to conduct periodic risk assessments to sufficiently inform the design of bitFlyer’s cybersecurity program (as required by 23 NYCRR § 500.09(a)). BitFlyer […]

NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment

November 18, 2022 By Kim Peretti, Kate Hanniford, Ashley Miller and Lance Taubin

The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022. DFS issued a minor amendment on April 2, 2020, revising the certification of compliance date (from February to April). The Proposed Second Amendment follows DFS’s “pre-proposed” draft […]

NYDFS Announces Significant Cybersecurity Settlement with EyeMed Vision Care

October 25, 2022 By Kim Peretti, Ashley Miller and Lance Taubin

On October 18, 2022, EyeMed Vision Care LLC (“EyeMed”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) relating to a cybersecurity event from 2020 that exposed consumer nonpublic information (“NPI”) to an unauthorized individual. EyeMed agreed to pay DFS a $4.5 million penalty, in addition to implementing mandatory remediation […]

NYDFS Issues Guidance on Multi-Factor Authentication

December 14, 2021 By Kim Peretti, Kate Hanniford and Kristen Bartolotta

The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of new guidance. This new guidance is consistent with its June guidance, in which NYDFS clarified its expectation that NYDFS-regulated covered entities subject to 500.12 […]

NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations

July 3, 2021 By Lance Taubin, Kate Hanniford and Kim Peretti

The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware or unauthorized access to privilege accounts to the NYDFS under its established […]