United States of America: Announced settlement in NYSDFS investigation into OneMain Financial Group over alleged cybersecurity regulation violations

On 25 May 2023, the New York State Department of Financial Services (NYSDFS) announced that it had reached a settlement with OneMain Financial Group in the investigation into its alleged cybersecurity regulation violations. Under the reached settlement, OneMain Financial Group is required to pay a USD 4.25 million penalty, implement technical measures to protect its cybersecurity systems and safeguard consumer data. The NYSDFS stated that OneMain Financial Group breached the Cybersecurity Regulation (23 NYCRR Part 500) through deficiencies in access rights management, failure to identify and address the third-party service provider risks, late due diligence checks, and failure to maintain formal development methodology.