
NYDFS fines OneMain Financial Group $4.5m for Cybersecurity Violations

The New York Department of Financial Services (NYDFS) fined OneMain Financial Group $4.5 million under Regulation 23 NYCRR Part 500 for violating its requirements to:

  • Effectively manage third-party service provider risk
  • Manage access privileges
  • Maintain a formal application security development methodology

Some specific examples cited by the NYDFS:

OneMain permitted local administrative users to share accounts, compromising the ability to identify malicious actors, and also permitted those accounts to use the default password provided by OneMain at the time of user onboarding, increasing the risk of unauthorized access.

Takeaways:

  1. If you are a New York-covered entity, you had better be taking 23 NYCRR Part 500 seriously. They certainly are.
  2. Requiring a password change after initial login should be standard operating procedure.

Source: New York Department of Financial Services
