Banking Organizations May Face New Breach Notification Requirements from US Regulatory Bodies

Alina BÎZGĂ

January 14, 2021

US regulators have released a Notice of Proposed Rulemaking (NPRM) that would oblige banking organizations and bank service providers in the country to adhere to more stringent reporting requirements for security incidents.

The rule would require notifications of any “computer-security incident” that rises to the level of a “notification incident” within 36 hours of the organizations discovering the incident.

The proposed regulation, entitled Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (Proposed Rule), would also oblige bank service providers to notify at least two individuals “at affected banking organization customers” immediately after a security incident disrupts, degrades or impairs services for at least four hours.

The notice, released January 12 by the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC), follows an increase in cyberattacks reported to federal law enforcement in recent years.

“These types of attacks may use destructive malware or other malicious software to target weaknesses in the computers or networks of banking organizations supervised by the agencies,” the notice reads. “Some cyberattacks have the potential to alter, delete, or otherwise render a banking organization’s data and systems unusable. Depending on the scope of an incident, a banking organization’s data and system backups may also be affected, which can severely affect the ability of the banking organization to recover operations.”

The regulation also lists computer-security incidents that should be considered “notification incidents,” such as:

  • Large-scale DDoS attacks that disrupt customer account access (for four or more hours)
  • Widespread system outages and undeterminable recovery time experienced by a bank service provider used by a banking organization
  • A hacking incident that disables or disrupts banking operations for an extended period of time
  • The dispersion of malware on a financial institution’s network that would call for the organization to take all Internet-enabled network connections offline
  • Ransomware attacks that encrypt core banking systems or backup data

If the Proposed Rule passes, regulatory reporting obligations for banks and banking service providers will increase sharply, subjecting organizations to the most stringent federal incident reporting regulations to be implemented in the United States.
