NY: Insurer Exposed ‘Millions’ Of Documents With Client’s Personal Data – InsuranceNewsNet

InsuranceNewsNet — Your Industry. One Source.™

Sign in
  • Subscribe
  • About
  • Advertise
  • Contact
Home Now reading Property and Casualty News
Topics
    • Life Insurance
    • Annuity News
    • Health/Employee Benefits
    • Property and Casualty
    • Advisor News
    • Washington Wire
    • Regulation News
    • Sponsored Content
    • Webinars
    • Monthly Focus
  • INN Exclusives
  • NewsWires
  • Magazine
  • Free Newsletters
Sign in or register to be an INNsider.
  • INN Exclusives
  • NewsWires
  • Magazine
  • Free Newsletters
  • Insider
  • About
  • Advertise
  • Editorial Staff
  • Contact
  • Newsletters

Get Social

  • Facebook
  • Twitter
  • LinkedIn
INN Exclusives
Property and Casualty News RSS Get our newsletter
Order Prints
July 22, 2020 Property and Casualty News No comments
Share
Share
Tweet
Email

NY: Insurer Exposed ‘Millions’ Of Documents With Client’s Personal Data

By Staff Reports InsuranceNewsNet

The New York State Department of Financial Services today filed charges against First American Title Insurance Co., claiming the company exposed millions of documents containing personal information of clients.

The charges are the first under the state's cybersecurity regulations adopted in 2017.

The department alleged that First American exposed consumers’ sensitive personal information, including bank account numbers, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers’ license images.

First American is one of the largest providers of title insurance in the United States, DFS said in a news release. In 2019, First American wrote more than 50,000 policies in New York State.

A vulnerability in First American's information systems resulted in exposure of consumers’ sensitive personal information over the course of several years, and First American failed to remedy the exposure promptly after it was discovered in December 2018, the state said in court documents.

DFS alleged multiple failures in First American's handling of this extraordinary data exposure of sensitive consumer information, including:

• First American failed to follow its own policies, neglecting to conduct a security review and a risk assessment of the flawed computer program and the sensitive data associated with the data vulnerability;

• First American misclassified the vulnerability as “low” severity despite the magnitude of the document exposure, while also failing to investigate the vulnerability within the timeframe dictated by First American's internal cybersecurity policies;

• after the data exposure was discovered by an internal penetration test in December 2018, First American failed to conduct a reasonable investigation into the scope and cause of the exposure, reviewing only 10 of the millions of documents exposed and thereby grossly underestimating the seriousness of the vulnerability; and

• the title insurer failed to follow the recommendations of its internal cybersecurity team to conduct further investigation into the vulnerability.

DFS alleged that these errors, deficient controls, and other flaws in First American’s cybersecurity practices led to the data exposure that persisted for years, including months after it was discovered.

According to the statement of charges, First American violated six provisions of the Cybersecurity Regulation. DFS alleges that each instance of Nonpublic Information encompassed within the charges constitutes a separate violation carrying up to $1,000 in penalties per violation.

A hearing on the charges will be held at the office of the Department of Financial Services in New York City, beginning on Oct. 26.

New York’s cybersecurity regulation went into effect in March 2017. Additional implementation time was granted for multiple provisions, and the regulation was not fully in effect until March 2019. The regulation grants particular exemptions for smaller businesses.

In public comments, DFS Superintendent Linda A. Lacewell has repeatedly said “Cybersecurity is the biggest threat to government and industry bar none” and has emphasized the DFS cybersecurity regulation will be enforced.

The regulation went on to become a model for other states, and ultimately formed the basis of a national model law passed by the National Association of Insurance Commissioners.

Older

Senate Panel Approves Trump’s Controversial Fed Nominee

Newer

Strong Economy Failed To Stem Rise Of Uninsured In 2017-18

Advisor News

  • Teach your clients effective strategies for today’s retirement
  • Consumers are pulling back on spending. They're also tapping savings and taking on debt.
  • Banks announce dividend plansTruist, Wells Fargo, Bank of America announce dividend hike plans
  • Jerry Shenk: Social Security demagoguery
  • Rick Kahler: My state flunked financial literacy. How about yours?
More Advisor News

Annuity News

  • Winning $300 million Powerball ticket purchased in Middlebury
  • Sammons names Kevin Mechtley to newly created product innovation role
  • Athene completes pension group annuity deal with Lockheed Martin
  • Integrity expands annuity, life insurance distribution with Annuity Agents Alliance
  • Nationwide increases roll-up rate, payout percentage on L.inc+ suite
Sponsor
More Annuity News

Health/Employee Benefits News

  • Aetna drops prior authorization for most cataract surgeries
  • Despite recession fears, employers look to enhance benefits in 2023
  • How will Roe v. Wade reversal impact employee health plans?
  • Jury still out on new insurance plan for Idaho schools
  • Citadel reaches $7.85M settlement over switching patients to boost Medicare payments
More Health/Employee Benefits News

Life Insurance

  • Wisconsin seeks policyholders of insolvent Time Insurance Co. products
  • 4 things to know about the return of premium life insurance
  • Murdaugh, Curtis Smith hit with new SC grand jury indictments
  • Foresters Financial boosts UL crediting rate to 4.75%
  • Protective Life releases 2021 sustainability report
More Life Insurance

- Presented By -

How to Write For InsuranceNewsNet

Find out how you can submit content for publishing on our website.
View Guidelines

FEATURED OFFERS

It’s time for John Hancock Insurance • See how our cutting-edge solutions can help you grow your life insurance business. Get to know us.
Grow your life insurance business with John Hancock • It’s time to see how our cutting-edge solutions can help you and your clients get to know us.

Press ReleasesAll press releases

  • iPipeline® Provides Advisors Excel with Unified Path Toward Accessing Core Data Analytics in Financial Services
  • iPipeline® Adds Speed of Underwriting to Quote Engine with Ethos to Deliver Insurance to Agents in Minutes
  • National Life Will Host Annual Investor Call
  • RFP #T01622
  • OneAmerica Commits $1 Million Toward Financial Literacy
Add your Press Release >

Topics

  • Life Insurance
  • Annuity News
  • Health/Employee Benefits
  • Property and Casualty
  • Advisor News
  • Washington Wire
  • Regulation News
  • Sponsored Content
  • Webinars
  • Monthly Focus

Top Sections

  • Life Insurance
  • Annuity News
  • Health/Employee Benefits News
  • Property and Casualty News
  • AdvisorNews
  • Washington Wire
  • Insurance Webinars

Our Company

  • About
  • Editorial Staff
  • Magazine
  • Write for INN
  • Advertise
  • Contact

Sign up for our FREE e-Newsletter!

Get breaking news, exclusive stories, and money- making insights straight into your inbox.

select Newsletter Options
Facebook Linkedin Twitter
© 2022 InsuranceNewsNet.com, Inc. All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • AdvisorNews

Sign in with your INNsider Account

Not registered? Become an INNsider.