Safeguard
Tag

financial-services

Safeguard articles tagged "financial-services" — guides, analysis, and best practices for software supply chain and application security.

27 articles

Case Studies

How a Fortune 500 Bank Ran Its SBOM Program

An anonymized look at how a Fortune 500 financial services firm operationalized an enterprise SBOM program using Safeguard across 4,200 applications.

Jan 15, 20267 min read
SBOM & Compliance

SBOM requirements for financial services under DORA

DORA now requires EU financial entities to track every software component down to the dependency level. Here's what the SBOM requirements actually mean.

Jan 5, 20267 min read
Regulation

DORA Subcontracting RTS: Inside Commission Delegated Regulation 2025/532

The DORA subcontracting RTS adopted on 24 March 2025 governs how ICT third-party providers may subcontract critical or important functions, in force from 22 July 2025.

Sep 2, 20256 min read
Regulation

DORA TLPT RTS: What the Threat-Led Penetration Testing Standard Requires

The Commission published the DORA TLPT RTS on 18 June 2025 with direct effect from 8 July 2025. Tests are mandated every three years, aligned to TIBER-EU methodology.

Aug 20, 20256 min read
Compliance

DORA Register of Information: Lessons From the First Submission

The 30 April 2025 ESA deadline forced banks and insurers to inventory every ICT contract against 105 prescribed data points — and exposed structural gaps in third-party data.

Jun 12, 20258 min read
Regulation

FTC Safeguards Rule: The 30-Day Notification Window in Effect

Since May 13, 2024, non-banking financial institutions must notify the FTC within 30 days of a notification event affecting 500 or more consumers.

Jun 10, 20257 min read
Incident Analysis

Patelco Credit Union RansomHub Attack: 1M Records, $7.25M Settlement

RansomHub maintained access to Patelco Credit Union's network from May 23 to June 29, 2024, ultimately exposing data on over one million members and triggering a $7.25M class settlement.

Mar 5, 20256 min read
Regulatory Compliance

DORA Operational Resilience: Software Implications

DORA became fully applicable January 17, 2025. Here's what Articles 6, 8, 28, and the ICT third-party RTS mean for the software you build, buy, and operate in the EU.

Jan 17, 20255 min read
Regulatory Compliance

NYDFS 500 Meets SBOM Requirements

23 NYCRR Part 500 was amended in 2023 with stronger third-party and vulnerability management language. For covered financial entities, SBOM practice has quietly become a compliance expectation.

Nov 25, 20247 min read
Compliance

NYDFS Cybersecurity Regulation: Software Security Requirements for Financial Firms

New York's DFS cybersecurity regulation sets a high bar for financial institutions. Here's how the 2023 amendments affect software supply chain practices.

Feb 18, 20245 min read
Incident Analysis

Bank of America Breach via Infosys McCamish Exposes 57,000 Customers

In February 2024, Bank of America disclosed that a ransomware attack on its service provider Infosys McCamish Systems had compromised the personal and financial data of over 57,000 customers, highlighting the cascading risk of vendor supply chain attacks.

Feb 12, 20248 min read
Incident Analysis

Mr. Cooper Mortgage Breach Exposes 14.7 Million Customers

In November 2023, mortgage giant Mr. Cooper disclosed a cyberattack that compromised the personal and financial data of 14.7 million current and former customers, making it one of the largest financial services breaches of the year.

Nov 1, 20237 min read
financial-services (Page 2) — Safeguard Blog