September 18, 2021

Volume XI, Number 261

Advertisement

September 17, 2021

Subscribe to Latest Legal News and Analysis

September 16, 2021

Subscribe to Latest Legal News and Analysis

NYDFS Settles with Mortgage Company for Data Breach

On March 3, 2020, the New York Department of Financial Services (“NYDFS”) announced it had entered into a settlement with Residential Mortgage Services, Inc. (“RMS”) related to allegations that RMS violated the NYDFS Cybersecurity Regulation in connection with a 2019 data breach.

According to NYDFS, RMS, a licensed mortgage banker, experienced a data breach involving unauthorized access to an employee’s email account. The relevant email account allegedly had “a significant amount of sensitive personal data of mortgage loan applicants” that was exposed as a result of the compromise. NYDFS further alleged that RMS did not conduct an investigation or identify the compromised consumer data until directed to do so by NYDFS in 2020. NYDFS then conducted an examination, which concluded that RMS violated the Cybersecurity Regulation by failing to timely report the data breach. NYDFS also found that RMS “failed to have a comprehensive Cybersecurity Risk Assessment, another requirement of the Cybersecurity Regulation.”

As part of the settlement, RMS agreed to pay a $1.5 million penalty and undertake improvements to its existing cybersecurity program to bring the relevant controls into compliance with the Cybersecurity Regulation. According to the NYDFS press release, NYDFS “notes that RMS cooperated throughout the examination and investigation, and has appeared committed to expediting remediation of its cybersecurity controls.”

Read the full NYDFS settlement.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 70
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement