This article originally appeared in Law360 on August 25, 2020.

In July 2020, the New York State Department of Financial Services filed formal charges against First American Title Insurance Company, alleging a failure to address a vulnerability on its public website that exposed tens of millions of confidential documents. The action was supported by a landmark cybersecurity regulation enacted in 2017, known as Part 500, which protects customer information and assigns cybersecurity responsibility to regulated entities including banks, financial services, insurance companies, lenders, mortgage companies and service providers.

In this Law360 Expert Analysis, Peter Halprin and Nicolas Pappas review the nature of the charges against First American and the insurance coverage implications for regulated entities, and offer guidance to those managing the bottom line of an institution as more claims, including class actions and regulatory actions, are likely to increase as a result of data breaches.

Read the full article here.