A Cybersecurity Storm and Winds of Change: NY DFS requires all New York financial institutions to report effects of SolarWinds hack

The New York Department of Financial Services (NY DFS) issued an alert on Friday, December 18, 2020, requiring all NY DFS regulated entities to immediately report whether they have been affected in any way by the massive, state-sponsored security breach of SolarWinds. 

  • NY DFS’s request for immediate notification from all affected entities goes beyond what is normally required under NY DFS’s cybersecurity regulations, which generally only requires entities to report attacks that may cause material harm to a material part of their normal operations.
  • NY DFS emphasized the “sophistication and persistence of the malware and the adversary” involved and notes the hack is “active and ongoing.” 
  • This broad hack illustrates the importance of a public-private partnership of enhanced information sharing in the face of these advanced, state-sponsored threats.
  • This experience will generate lessons learned that will filter quickly into the rulemaking, examination and enforcement priorities of NY DFS and other regulators in 2021.

Learn more.

Back to top