1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • US government orders financial firms to report data breaches in l

    From TechnologyDaily@1337:1/100 to All on Tue Oct 31 14:30:05 2023
    US government orders financial firms to report data breaches in less than 30 days

    Date:
    Tue, 31 Oct 2023 14:27:52 +0000

    Description:
    Mortgage brokers, investment firms, and similar, now need to be more diligent with their reporting of cybersecurity incidents.

    FULL STORY ======================================================================

    All non-banking financial institutions in the United States will soon have 30 days to report a data breach, something that apparently they werent obliged
    to do before, under new regulations from the US Federal Trade Commission (FTC).

    The FTC recently amended its Safeguards Rules to include non-banking
    financial institutions such as mortgage brokers, investment firms, peer-to-peer lenders, and similar.

    In a press release , the Commission noted it voted 3-0 to publish the notice amending the Safeguards Rule in the Federal Register. As per the amendments, any incident that affects at least 500 consumers - and especially incidents
    in which cleartext information was involved - needs to be reported. Starting April 2024

    "Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised," said FTC's Director of Bureau for Consumer Protection, Samuel Levine. "The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers' data."

    Incidents where encrypted data is stolen are exempt from the rules (unless
    the attackers stole the encryption key, too).

    When submitting the notice, the companies need to detail the name and contact information of the reporting institution, the number of impacted consumers
    and of those potentially affected, the description of the types of data that have been potentially exposed, the exposure date, and, if possible to determine, the duration of the incident, confirmation if the police advised not to report the incident, BleepingComputer reported.

    If the police asked the company to keep quiet so as not to affect the investigation, theyre allowed a 60-day delay, it was added.

    This new requirement will come into force 180 days after being published in the Federal Register, meaning it will kick off in April 2024.

    The FTC added that submitting a data breach doesnt imply a violation of the Safeguards Rule or an investigation or enforcement action. More from
    TechRadar Pro LastPass security breach linked to a string of crypto heists Here's a list of the best firewalls today These are the best malware removal tools around



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-government-orders-financial-firms-to -report-data-breaches-in-less-than-30-days


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)