United States of America: Reached settlement agreement in New York Attorney General and State Department of Financial Services investigation into Travelers data breaches

Description

Reached settlement agreement in New York Attorney General and State Department of Financial Services investigation into Travelers data breaches

On 25 November 2024, the New York Attorney General and Department of Financial Services reached a settlement agreement with Travelers, which includes USD 1.55 million in penalties for data breaches exposing the personal information of 4'000 New York residents, resulting from compromised agent credentials and an absence of multifactor authentication. This breach was undetected for seven months. As a result of this investigation, Travelers is required to strengthen its cybersecurity practices, which include implementing comprehensive information security programs, maintaining data inventories with safeguards, enhancing authentication procedures and monitoring systems, and conducting threat response and penetration testing. Travelers must improve access controls and protections for non-public personal information.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
other service provider
Implementation Level
subnational
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2024-11-25
under investigation

On 25 November 2024, the New York Attorney General and Department of Financial Services reached a s…