Financial regulator pushes cybersecurity
expressed concern about gence processes used to the “level of insight fievaluate” the adequacy of nancial institutions have security procedures of In the wake of the suminto the sufficiency of cythird-party service providmer’sers.massivecyberattack bersecurity controls of their on JPMorgan Chase and third-party service providHe has asked financial other financial institutions, ers.” institutions to outline all government authorities are The New York State’s top methods of protection used pushing financial institufinancial regulator has reto safeguard sensitive data tions and brokerage houses quested that banks disclose that is sent to, received from to close what they see as “any policies and proor accessible to vendors. glaring gaps in cybersecurcedures governing relation“It is abundantly clear ity. ships with third-party servthat, in many respects, a
In a letter sent to many ice providers,” according to firm’s level of cybersecurity banks Tuesday, the New a copy of the letter obtained is only as good as the York State Department of by Reuters. cybersecurity of its venFinancial Services superinLawsky said that banks dors,” Lawsky said in the tendent, Benjamin Lawsky, must provide “any due dili- letter.
The names, addresses, phone numbers and email addresses of the holders of about 83 million households and small business accounts were exposed when computer systems at JPMorgan Chase were compromised this summer by hackers, making it one of the biggest data breaches in history.
Yet the bank has said there is no evidence that account numbers, passwords, user IDs, birth dates or Social Security numbers had been stolen.