NYDFS settles with insurance companies over failures in their cybersecurity programs
December 12, 2024
On November 25, 2024, the New York State Department of Financial Services (“NYDFS”) announced it settled with two large insurance companies over allegations of inadequate data security practices in violation of New York’s cybersecurity regulation (23 NYCRR Part 500) (the “Cybersecurity Regulation”) that led to the compromise of more than 120,000 New Yorkers’ personal information.