
Banking Organizations May Face New Breach Notification Requirements from US Regulatory Bodies

Alina BÎZGĂ

January 14, 2021


US regulators have released a Notice of Proposed Rulemaking (NPRM) that would oblige banking organizations and bank service providers in the country to adhere to more stringent reporting requirements for security incidents.

The rule would require notifications of any “computer-security incident” that rises to the level of a “notification incident” within 36 hours of the organizations discovering the incident.

The proposed regulation, entitled Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (Proposed Rule), would also oblige bank service providers to notify at least two individuals “at affected banking organization customers” immediately after a security incident disrupts, degrades or impairs services for at least four hours.

The notice, released January 12 by the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC), follows an increase in cyberattacks reported to federal law enforcement in recent years.

“These types of attacks may use destructive malware or other malicious software to target weaknesses in the computers or networks of banking organizations supervised by the agencies,” the notice reads. “Some cyberattacks have the potential to alter, delete, or otherwise render a banking organization’s data and systems unusable. Depending on the scope of an incident, a banking organization’s data and system backups may also be affected, which can severely affect the ability of the banking organization to recover operations.”

The regulation also lists computer-security incidents that should be considered “notification incidents,” such as:

  • Large-scale DDoS attacks that disrupt customer account access (for four or more hours)
  • Widespread system outages and undeterminable recovery time experienced by a bank service provider used by a banking organization
  • A hacking incident that disables or disrupts banking operations for an extended period of time
  • The dispersion of malware on a financial institution’s network that would call for the organization to take all Internet-enabled network connections offline
  • Ransomware attacks that encrypt core banking systems or backup data

If the Proposed Rule passes, regulatory reporting obligations for banks and banking service providers will increase sharply, subjecting organizations to the most stringent federal incident reporting regulations to be implemented in the United States.
