FTC orders non-bank financial firms to report breaches in 30 days

The U.S. Federal Trade Commission has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach incidents within 30 days. Such entities include mortgage brokers, motor vehicle dealers, payday lenders, investment firms, insurance companies, peer-to-peer lenders, and asset management firms. This requirement adds to the Safeguards Rule, aiming to enhance data security measures to protect customer information and strengthen compliance obligations. It applies to security incidents that impact 500 or more consumers, especially if unauthorized third parties accessed unencrypted information. "Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised," stated FTC's Director of Bureau for Consumer Protection, Samuel Levine. "The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers' data." The notification requirement does not apply to cases where consumer information is encrypted as long as the attackers did not access the encryption key. The agency has added a provision for a 60-day delay should a law enforcement official seek an extension in the public disclosure of a specific incident. The FTC emphasizes that submitting a data breach report doesn't automatically imply a violation of the Safeguards Rule, nor does it ensure an investigation or enforcement action. The new notification requirement will become effective 180 days after publication of the rule in the Federal Register, so the rule should be applicable starting in April 2024. For more details on the amendments and their development process based on the feedback FTC received from stakeholders, you can read this document. Ransomware isn't going away - the problem is only getting worse. University of Michigan employee, student data stolen in cyberattack. Lyca Mobile investigates customer data leak after cyberattack. Caesars Entertainment confirms ransom payment, customer data theft. University of Sydney data breach impacts recent applicants.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to FTC orders non-bank financial firms to report breaches in 30 days

Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com
Data broker's "staggering" sale of sensitive info exposed in unsealed FTC filing - One of the world's largest mobile data brokers, Kochava, has lost its battle to stop the Federal Trade Commission from revealing what the FTC has alleged is a disturbing, widespread pattern of unfair use and sale of sensitive data without consent ...
1 year ago Arstechnica.com
How Cybersecurity for Law Firms has Changed - The public nature of the legal system makes law firms particularly vulnerable to a growing number of cybersecurity risks. Law firms have unique access to highly confidential client information and as a result, face a growing number of federal, ...
11 months ago Securityboulevard.com
A Comprehensive Look at the Financial Firms in European Union and Their Rules on Cloud-Based Services - Today's technology has opened up a world of possibilities for financial firms, especially with cloud-based services. Financial institutions are now able to access a great deal of information over the internet in an efficient and timely manner. ...
1 year ago Tripwire.com
Critical insights into Australia's supply chain risk landscape - Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as ...
8 months ago Tripwire.com
FTC Bans Online Mental Health Firm From Sharing Certain Data - The Federal Trade Commission has proposed restricting a mental telehealth service firm from sharing consumer data and requiring it to pay a $7 million penalty to settle allegations that the firm used online tracking tools to unlawfully disclose ...
7 months ago Bankinfosecurity.com
FTC orders non-bank financial firms to report breaches in 30 days - The U.S. Federal Trade Commission has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach incidents within 30 days. Such entities include mortgage brokers, motor vehicle dealers, payday lenders, ...
1 year ago Bleepingcomputer.com
CyberCrime & Doing Time: Identification Documents: an Obsolete Fraud Countermeasure - When I'm talking to bankers and other fraud fighters, I often mention how easy it is for a criminal to obtain a Drivers License bearing any information they desire. In the new case, Brianna Mills, a 28-year old bank teller in Loganville, Georgia ...
9 months ago Garwarner.blogspot.com
Forward Bank Notifies 46,019 Customers of Recent Data Breach - On November 17, 2023, Forward Bank filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to access certain files on the company's computer network. In this notice, Forward Bank explains ...
1 year ago Jdsupra.com
Law Firms are Raising the Bar on Cybersecurity - Corresponding with recent increases in threat actor activity in the legal industry, law firms are investing more time and attention in modernizing security operations. Both midsize and large law firms are increasingly engaging with cybersecurity ...
1 year ago Bluevoyant.com
Encore Bank Notifies Customers of Data Breach After Hackers Access an Employee Email Account - On January 31, 2024, Encore Bank filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized party was able to gain access to an employee's email account. In this notice, Encore Bank explains that ...
10 months ago Jdsupra.com
Bank of America's Security Response: Mitigating Risks After Vendor Data Breach - In a concerning development, Bank of America has informed its customers about a possible data breach stemming from a security incident involving one of its vendors. This incident raises questions about the security of sensitive customer information, ...
9 months ago Cysecurity.news
A Deep Dive Into How Digital Pound Can Menace Financial Stability - The UK's expedition into releasing a digital pound has triggered a strong debate among policymakers and finance experts. The House of Commons Treasury Committee has shown concerns, cautioning that bringing a central bank digital currency in the UK ...
1 year ago Cysecurity.news
Hip Hip Hooray For Hipster Antitrust - The wheels of justice grind slowly, so many of the actions the FTC has brought are still pending. In tandem with the Department of Justice, it is suing over fake apartment listings, blocking noncompete clauses, targeting fake online reviews, and ...
9 months ago Eff.org
Nationwide Banking Crisis: Servers Down, UPI Transactions in Jeopardy - Several bank servers have been reported to have been down on Tuesday, affecting Unified Payments Interface transactions throughout the country. Several users took to social media platforms and reported that they encountered issues while making UPI ...
9 months ago Cysecurity.news
Ransomware, Data Breaches Inundate OT & Industrial Sector - Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and ...
11 months ago Darkreading.com
Anti-Fraud Project Boosts Security of African, Asian Financial Systems - A nonprofit has launched the first open source platform aimed at delivering sophisticated anti-fraud capabilities to financial systems in Africa as well as parts of Asia and the Middle East. The Tazama open source project is real-time financial ...
8 months ago Darkreading.com
FTC bans Rite Aid from using facial recognition surveillance for five years - Pharmacy chain Rite Aid is getting a timeout from AI facial recognition surveillance tech thanks to federal regulators. The U.S. Federal Trade Commission today announced a settlement with Rite Aid stating the chain recklessly deployed AI biometric ...
11 months ago Venturebeat.com
FTC Bars X-Mode from Selling Sensitive Location Data - Phone app location data brokers are a growing menace to our privacy and safety. Now the app tracks your every move and sends it to a broker, which then sells your location data to the highest bidder, from advertisers to police. The FTC's complaint ...
10 months ago Eff.org
CyberCrime & Doing Time: Classic Baggie: Part Three - He claimed he was selected as an independent contractor to rebuild a fleet of airplanes for KLM Royal Dutch Airlines, who had wired him $3.5 Million Euros into his Swiss bank account at Neue Privat Bank. His attorney, Phillip Richardson, said that he ...
10 months ago Garwarner.blogspot.com
FTC investigation shuts down suspected antivirus scam The Register - A pair of tech support businesses accused of swindling marks out of their hard-earned cash have agreed to cough up a $26 million settlement following an undercover probe by the FTC. Restoro and Reimage - both headquartered in Cyprus and, based on the ...
8 months ago Go.theregister.com
FTC fires 'shot across the bow' at automakers over connected-car data privacy - The Federal Trade Commission warned auto manufacturers on Tuesday that it is closely watching their data collection and sales activities, citing several recent enforcement actions which it suggested could apply to the industry's practice of sharing ...
6 months ago Therecord.media
SEC: Financial orgs have 30 days to send data breach notifications - The Securities and Exchange Commission has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Regulation S-P was introduced in 2000 ...
6 months ago Bleepingcomputer.com
Blackbaud Faces Criticism for Cybersecurity Lapses After 2020 Data Breach - The cloud software company, Blackbaud, has come under fire from authorities for its major cybersecurity failings, stemming from a devastating ransomware attack in 2020. The attack exposed data from numerous educational institutions and non-profits ...
9 months ago Cysecurity.news
Rules To Regulate Bank's Tech Reliance - Financial Conduct Authority, Bank of England publish proposals to bolster tech resistance of the financial sector. The UK financial sector's reliance on technology and big name firms is being addressed by the Bank of England, Financial Conduct ...
11 months ago Silicon.co.uk

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)