BreachExchange mailing list archives
U.S. banks must report hacks within 36 hours, new rule says
From: Terrell Byrd <terrell.byrd () riskbasedsecurity com>
Date: Fri, 19 Nov 2021 10:31:51 -0500
https://www.seattletimes.com/business/u-s-banks-must-report-hacks-within-36-hours-new-rule-says/

Banks must report major cyberattacks to regulators within 36 hours if the incident is likely to disrupt their business, according to a new rule from U.S. regulators.

Any “computer security incident” that threatens a lender’s operations, services to customers or the stability of the financial system has to be disclosed to the bank’s primary government watchdog, according to a rule issued on Thursday that is set to go live on May 1.

The regulation, approved by the Federal Reserve and other banking agencies, will also extend to companies that provide services to banks. Those firms will be asked to notify their bank clients as soon as possible when disruptions are expected to affect customers for more than four hours.

Possible examples of incidents that firms should report include large-scale distributed denial of service attacks or a computer hack that knocks out banking operations for more than a brief period, according to the rule from the Fed, Office of the Comptroller of the Currency and Federal Deposit Insurance Corp.

The 36-hour clock starts as soon as the bank is aware of an incident, according to the rule.