The U.S. Federal Trade Commission (FTC) requires all non-banking financial institutions to report data breaches to FTC within 30 days.

Source: Heimdal Security Blog