New York State Department of Financial Services · NY
Reporting of Malicious Software Intrusions and Web Site Defacements
May 28, 2003
Summary
This directive mandates that supervised financial institutions in New York report successful, significant penetrations of computer systems, including web site defacements and malicious software intrusions. Institutions must also immediately notify the New York State Banking Department upon detecting a surge in attempted penetrations to facilitate statewide cybersecurity intelligence sharing.
Industry Letters
Reporting of Malicious Software Intrusions and Web Site Defacements
May 28, 2003
To the Institution Addressed
Attention of the Chief Executive Officer
In order to help ensure the continued safe and sound operation of the banking and financial services system in light of the increasing number of attempts to compromise data processing systems and Internet communications the New York State Banking Department is requesting your cooperation with the following request.
Specifically the Banking Department is requesting that all institutions under our supervision report successful, significant penetrations of their computer systems, including web site defacements, and virus, worm, and other malicious software intrusions. We also ask to be immediately notified if your firm notices an increased number of penetration attempts against its computer systems. For banking institutions, notification should normally be e-mailed to the portfolio manager assigned to your institution. For nonbanks, notification should be e-mailed to the deputy of the division that supervises your institution. For both bank and nonbank institutions, a cc to [email protected] should be included. You may also telephone the notification, in lieu of e-mail, if you wish.
It should be emphasized that if such system penetration results in the making of false entries, or the omission of true entries due to penetration of an institution’s automated systems, it may also require a filing under Part 300 of the Superintendent’s Regulations if a bank officer or employee was involved.
The Banking Department will forward these reports, without disclosing the name of the reporting institution, to the NYS Office of Cyber Security and Critical Infrastructure Coordination (CSCIC). CSCIC is the coordinating entity for cyber security for the State of New York and of a multi-state Information Sharing and Analysis Center. By pooling reports of uses of malicious software and hacking attempts patterns of attack may be discerned in time to take corrective action. CSCIC shares alerts and changes in the cyber threat level with the Banking Department. We at the Department will pass on these alerts to you.
Any questions regarding the aforementioned may be directed to the portfolio manager for your institution.
Very truly yours,
Barbara Kent
Acting Superintendent of Banks
Common questions
- What does "Reporting of Malicious Software Intrusions and Web Site Defacements" cover?
- This directive mandates that supervised financial institutions in New York report successful, significant penetrations of computer systems, including web…
- Which agency issued this update?
- This update was issued by New York State Department of Financial Services.
- When was it published?
- It was published on May 28, 2003.
Related updates
- ACI Payments, Inc. Settlement Agreement and Consent Order issued by the Division of Banking
- Ransomware Self-Assessment Tool (R-SAT) (October 23, 2023, Version 2.0 Release)
- Updated Nonbank Ransomware Self-Assessment Tool (R-SAT)
- Lakeview Loan Servicing, LLC, Pingora Loan Servicing, LLC, Community Loan Servicing, LLC, and Bayview Asset Management, LLC Multistate Settlement Agreement and Consent Order issued by the Division of Banking
- Pionex, Inc. Consent Order issued by the Division of Banking
- Cybersecurity Advisory - Heightened Cybersecurity Risks Associated with Frontier AI Models