Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. Insights
    3. Articles
    4. NYDFS agrees to $1.8 million data breach settlement with two life insurersArticles

    Article

    NYDFS agrees to $1.8 million data breach settlement with two life insurers

    July 13, 2021

    Share

    By Andrew Share

    The New York Department of Financial Services (“NYDFS”) recently entered into a consent order with two life insurance companies as a result of alleged violations of New York’s Cybersecurity Regulation.

    The New York Department of Financial Services (“NYDFS”) recently entered into a consent order with two life insurance companies as a result of alleged violations of New York’s Cybersecurity Regulation. The NYDFS determined that the companies had been the subject of phishing attacks in both 2018 and 2019, which compromised employee email accounts and thereby provided unauthorized access to customers’ sensitive and personal data. As a result, the NYDFS alleged that the companies violated the NY Cybersecurity Regulation:

    • by failing to implement MultiFactor Authentication (“MFA”) without implementing reasonably equivalent or more secure access controls;
    • By falsely certified compliance with the NY Cybersecurity Regulation in 2018 because MFA was not fully implemented; and
    • By exposing non-public personal data as a result of the data breaches.

    As part of the settlement, the companies agreed to: (1) pay a $1.8 million penalty to the State of New York; (2) conduct a cybersecurity risk assessment and submit the assessment results to the NYDFS; and (3) retain an independent third party to conduct an audit of the companies’ MFA controls and to have the results of those audits submitted to the NYDFS.

    The NY Cybersecurity Regulation became effective in March 2017 and requires insurance companies to implement and maintain a cybersecurity program designed to protect the confidentiality and integrity of their information systems as well as any consumer non-public information. This regulation was the basis for the National Association of Insurance Commissioner’s Insurance Data Security Model Law, which has now been adopted in Alabama, Connecticut, Delaware, Hawaii, Indiana, Iowa, Louisiana, Maine, Michigan, Minnesota, Mississippi, New Hampshire, North Dakota, Ohio, South Carolina, Tennessee, and Virginia.

    CybersecurityConsumer PrivacyData BreachCybersecurityNew York And NortheastPrivacy Litigation & Class ActionPrivacy

    Practices

    Cybersecurity & Privacy

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL