United States of America: Announced settlement in NYSDFS investigation into OneMain Financial Group over alleged cybersecurity regulation violations

Description

Announced settlement in NYSDFS investigation into OneMain Financial Group over alleged cybersecurity regulation violations

On 25 May 2023, the New York State Department of Financial Services (NYSDFS) announced that it had reached a settlement with OneMain Financial Group in the investigation into its alleged cybersecurity regulation violations. Under the reached settlement, OneMain Financial Group is required to pay a USD 4.25 million penalty, implement technical measures to protect its cybersecurity systems and safeguard consumer data. The NYSDFS stated that OneMain Financial Group breached the Cybersecurity Regulation (23 NYCRR Part 500) through deficiencies in access rights management, failure to identify and address the third-party service provider risks, late due diligence checks, and failure to maintain formal development methodology.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
other service provider
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2023-05-25
in force

On 25 May 2023, the New York State Department of Financial Services (NYSDFS) announced that it had …

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.