On 25 May 2023, the New York State Department of Financial Services (NYSDFS) announced that it had reached a settlement with OneMain Financial Group in the investigation into its alleged cybersecurity regulation violations. Under the reached settlement, OneMain Financial Group is required to pay a USD 4.25 million penalty, implement technical measures to protect its cybersecurity systems and safeguard consumer data. The NYSDFS stated that OneMain Financial Group breached the Cybersecurity Regulation (23 NYCRR Part 500) through deficiencies in access rights management, failure to identify and address the third-party service provider risks, late due diligence checks, and failure to maintain formal development methodology.
Original source