Cyber; Industry News

DFS Warns Against Microsoft Exchange Security Holes

​The New York State Department of Financial Services (DFS) has warned all entities it regulates about newly discovered security vulnerabilities in the Microsoft Exchange Server software. The department advised all entities to take immediate actions to address the problem. The DFS regulates banking, financial services, and insurance organizations doing business in New York. If your agency is running this software, you may be at risk of having suffered a data breach already or of having one in the future. Agencies that use a cloud-based hosting service for email should not be affected.In a letter dated March 9, the department relayed Microsoft's report that it had found four…

Continue ReadingDFS Warns Against Microsoft Exchange Security Holes

DFS: Hackers Targeting Websites That Offer Instant Insurance Quotes

​The New York State Department of Financial Services today issued a warning of a "systemic and aggressive campaign to exploit cybersecurity flaws​" in websites that provide instant insurance quotes. The department urged all entities that it regulates, if they have instant quote websites, to review them for evidence of hacking.The alert, which DFS emailed to regulated entities and posted on its website today​, said that two auto insurers reported attempts by cybercriminals to steal unredacted driver's license numbers. These insurers off instant quotes for auto insurance on their sites. The New York Cybersecurity Requirements For Financial Services Companies regulation requires "covered entities" to report certain…

Continue ReadingDFS: Hackers Targeting Websites That Offer Instant Insurance Quotes

New Connecticut Data Security Law To Impact Insurance Agencies

​​A new Connecticut law will require many insurance agencies to implement cybersecurity programs. The requirements take effect in less than two months.The Insurance Data Security Law requires Connecticut licensees to develop, implement and maintain a comprehensive written information security program based on a risk assessment. The programs must include the administrative, technical and physical safeguards for protecting their information systems and the nonpublic information stored in them. The deadline for implementing the program is October 1, 2020. The program must be commensurate with:The size and complexity of the licensee The nature and scope of the licensee's activities, including, but not limited to, the licensee's use…

Continue ReadingNew Connecticut Data Security Law To Impact Insurance Agencies