On 25 November 2024, the New York Attorney General and Department of Financial Services reached a settlement agreement with Travelers, which includes USD 1.55 million in penalties for data breaches exposing the personal information of 4'000 New York residents, resulting from compromised agent credentials and an absence of multifactor authentication. This breach was undetected for seven months. As a result of this investigation, Travelers is required to strengthen its cybersecurity practices, which include implementing comprehensive information security programs, maintaining data inventories with safeguards, enhancing authentication procedures and monitoring systems, and conducting threat response and penetration testing. Travelers must improve access controls and protections for non-public personal information.
Original source