NY| On March 9, 2021, the New York State Department of Financial Services (“DFS”) issued an industry letter to all of its regulated entities regarding the recent discovery of cybersecurity vulnerabilities in Microsoft Exchange Server.
DFS urges all regulated entities to immediately assess the risk to their systems and consumers, and take steps necessary to address vulnerabilities and customer impact. The assessment should identify internal use of vulnerable Microsoft Exchange products and any use of these products by critical third parties. Regulated entities should also continue to track developments in this compromise and respond quickly to new information. The full alert contains links to the tools provided by Microsoft for assessment and remediation.
Regulated entities are reminded to report Cybersecurity Events pursuant to 23 NYCRR Section 500.17(a) as promptly as possible and within 72 hours of the discovery of the event, at the latest.
Click here for full Cybersecurity Alert