Cyber Regulatory Enforcement Actions and Implications for Insurance Coverage, New York Law Journal

By Eric B. Stern, partner and co-chair of the KD Data Privacy & Cybersecurity Practice Group, and Andrew Lipkowitz, KD attorney – 
Published by New York Law Journal  on November 4, 2020

On July 22, 2020, the New York Department of Financial Services (DFS), announced that it had commenced a regulatory enforcement action against First American Title Insurance Company (First American), which according to the DFS, is the second largest title insurance provider in the United States. In the action, DFS alleges that First American violated the DFS’s Cybersecurity Requirements for Financial Services Companies (or the “Cybersecurity Regulation”), which first took effect on March 1, 2017, and generally requires, among other things, all entities regulated by the DFS, such as banks and insurance companies, to adopt a cybersecurity program to protect consumers’ private information. Specifically, DFS alleges that First American exposed hundreds of millions of documents over the course of several years as a result of a vulnerability in First American’s information systems, which may have exposed documents containing consumers’ private information, including bank account numbers, mortgage and tax records, Social Security numbers, and drivers’ license images.

Read more at the full article.