Curated Content | Thought Leadership | Technology News

New York DFS Imposes $1M Cybersecurity Penalty on First American Title

Tangible conseqences.
Kelsey Brandt
Contributing Writer

First American Title Insurance Company has been hit with a $1 million penalty from the New York State Department of Financial Services due to violations resulting from a cybersecurity breach in May 2019. The attack exposed over 885 million documents of consumers’ non-public data and access to sensitive information including Social Security numbers, driver’s licenses, and financial data dating back to 2003.

The enforcement action is part of DFS’s broader strategy to implement and enforce stringent cybersecurity regulations. By imposing significant penalties and requiring comprehensive remedial measures, DFS is sending a strong message to all entities under its jurisdiction about the seriousness with which it views cybersecurity compliance.

This approach is reflective of a larger trend among governmental agencies, both at the state and federal levels, to prioritize cybersecurity as a key aspect of consumer protection and corporate governance.

Why it matters: This resolution serves as a reminder of the gravity of cybersecurity lapses within organizations. The imposition of a $1 million penalty highlights the tangible consequences associated with inadequate cybersecurity measures, emphasizing the pivotal need for companies, to rigorously adhere to and bolster their cybersecurity protocols to safeguard consumer data effectively.

  • In May 2019, First American experienced a large-scale cybersecurity breach, leading to the exposure of consumers’ nonpublic information. DFS found that the company failed to maintain effective governance, classification, access controls, identity management, and risk assessment policies and procedures.
  • As a result, First American will pay a $1 million penalty to New York State for violations of DFS’s Cybersecurity Regulation – 23 NYCRR Part 500. In addition to the financial penalty, First American has agreed to implement significant measures to enhance the security of consumer data.
  • The DFS Cybersecurity Regulation, effective since March 2017, has been a model for other regulators, including the U.S. Federal Trade Commission and various states. In November 2023, DFS Superintendent Adrienne A. Harris adopted amendments to the Cybersecurity Regulation to further strengthen cyber governance and mitigate risks.

Go Deeper –> DFS Announces $1 Million Cybersecurity Settlement With First American Title Insurance Company – DFS NY

You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

graduation caps thrown in the air
Some say this generation is simply not ready.

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.