Security Snapshot is now part of SurgeONE.ai Same experts, even more power.
< BACK TO BLOG

NYDFS fines OneMain Financial Group $4.5m for Cybersecurity Violations

The New York Department of Financial Services (NYDFS) fined OneMain Financial Group $4.5 million under Regulation 23 NYCRR Part 500 for violating the following:

  • Effectively manage third-party service provider risk
  • Manage access privileges
  • Maintain a formal application security development methodology

Some specific examples cited by the NYDFS:

OneMain permitted local administrative users to share accounts, compromising the ability to identify malicious actors, and also permitted those accounts to use the default password provided by OneMain at the time of user onboarding, increasing the risk of unauthorized access.

Takeaways:

  1. If you are a New York-covered entity, you better be taking 23 NYCRR Part 500 seriously.  They certainly are.
  2. Requiring password change after initial login should be the standard operating procedure.

Source: New York Department of Financial Services

Need Help Now?
sales@surgeone.ai
+1 650-294-8889
How it WorksOur ProcessPricing Options
What Our Clients SayWho We ServeCyber Bites
About usPrivacy policyContact Us
© Security Snapshot.
Privacy Policy | Master Services Agreement