On October 27, 2023, the FTC voted to approve supplemental amendments to the Safeguards Rule that will require non-bank financial institutions to notify the FTC electronically as soon as possible, and no later than 30 days after discovery, of any unauthorized acquisition of unencrypted customer information that affects at least 500 consumers. The breach notification must include certain information about the event, including a description of the event and the number of consumers affected or potentially affected. Notably, the FTC has stated that it intends to make the notifications publicly available through an online database. The final rule will become effective 180 days after publication in the Federal Register.