23 NYCRR 500

Security

New York’s new guidance on third-party service provider cyber risk

October 24, 2025

The guidance does not impose new requirements; it helps NYDFS-regulated institutions meet existing obligations in light of evolving vendor-related cybersecurity risks.

Julie DiMauro5 min read
Enforcement

NYDFS fines dental plan firm $2m in phishing breach

August 20, 2025

Failure to use MFA to protect data of 90,000 customers leads to fine and raises legal questions.

Julie DiMauro4 min read
Data

New York fines Geico and Travelers $11.3m for data breaches

November 27, 2024

Auto insurers will pay fines totaling $11.3m for data breaches that New York officials say compromised personal information of 120,000 customers.

Julie DiMauro3 min read