As predicted in our February 4, 2020 blog post, the New York Department of Financial Services (“DFS”) has filed its first formal charges for violation of the state’s cybersecurity regulation. The charges were filed against an insurance company for allegedly violating several provisions of Part 500 of Title 23 of the New York Codes, Rules, and Regulations. In this case, the DFS alleged five distinct violations, including failure to identify and remediate certain risks, thereby enabling the potential exposure of millions of mortgage-related documents that contained sensitive non-public personal information. Additional details about this enforcement action may be found here.