On March 3, 2021, the DFS reached its first full resolution under its Part 500 Cybersecurity Regulation, a Consent Order with Residential Mortgage Services that imposes a $1.5 million penalty for several violations including:
- Failure to investigate whether an attacker, who compromised a single email mailbox, accessed private data of individuals.
- Failure to satisfy various state breach notification obligations.
- Failure to notify the DFS of the incident.
- Failure to conduct a cybersecurity risk assessment, as required by Part 500.
In this Client Update, we provide the following four takeaways from the DFS’s latest cybersecurity enforcement action . . . Continue reading.