Privacy & Data Security

Protecting the privacy, integrity and security of our customers’ data and enterprise network is a top priority for OneMain.

Portrait Of Office Manager Holding Digital Tablet

Cyber Vigilance

We are focused on building a cyber-vigilant culture through education and training, such as teaching our team members:

How to properly secure sensitive company and customer data.

About email security and how to spot phishing attempts.

How to report cybersecurity incidents.

About other cybersecurity awareness measures.

How to properly secure sensitive company and customer data.

About email security and how to spot phishing attempts.

How to report cybersecurity incidents.

About other cybersecurity awareness measures.

Our cybersecurity team participates in the Financial Services Information Sharing and Analysis Center with other industry groups.

Together, we share best practices and work to improve our ability to detect, respond and recover from threats.

Cyber Protections

Our cybersecurity team, led by our Chief Information Security Officer, works to protect our systems against attacks and proactively takes steps to protect our customers, team members and company.

We have implemented sophisticated data security systems.

We conduct thorough self-assessments.

We vigorously protect our client and company data.

We encrypt all applications and use multi-factor authentication, whitelisting and access reviews.

We take data security seriously, continuously enhancing our programs to improve our resilience against threats and strengthen the security of company and customer data.

We invest in a third-party cybersecurity risk management program that:

Assesses the cybersecurity risk of our vendors.
Monitors vulnerability.
Helps us remedy any cybersecurity incidents third parties may experience.

Risk Response & Capability Improvement

We maintain a corporate cyber risk insurance policy.

We conduct incident response and cybersecurity drills to continuously improve our capabilities.

We conduct an annual risk assessment of our cybersecurity capabilities.

OneMain is subject to New York State Department of Financial Services (NYDFS) Cybersecurity Regulations.

Man sitting in office, working late in his start-up company

We created an Enterprise Cybersecurity Incident Response Plan, which helps identify, investigate and resolve any incidents impacting our customers, employees or company.

We maintain a corporate cyber risk insurance policy.

We conduct incident response and cybersecurity drills to continuously improve our capabilities.

We conduct an annual risk assessment of our cybersecurity capabilities.

OneMain is subject to New York State Department of Financial Services (NYDFS) Cybersecurity Regulations.

Service Organization Control
(SOC) 2 Report:

OneMain undergoes an annual SOC 2 Type II audit, which verifies that OneMain security controls are designed in accordance with the AICPA Trust Services Principles and Criteria.

Learn how we prioritize our customers, communities and team members in our Impact Reports.

Download 2023 Report

View past reports here.