InfoBytes Blog
Massachusetts AG orders company to pay $230,000 for data breach
On July 21, the Massachusetts AG announced that a Rhode Island-based job placement service company must pay a $230,000 settlement to resolve allegations that it failed to implement the proper security programs, which led to a data breach. According to the assurance of discontinuance (AOD), the company was breached in December 2020 after an employee was a victim to a phishing email, resulting in a compromise of credentials that allowed hackers to access personal data of users. The AG alleged that the company violated Massachusetts data privacy laws by failing to have a written information security program (WISP) in place during or prior to the data breach. Under the terms of the settlement, the company is required to pay $230,000 in penalties, come into compliance with state laws, continue to implement and maintain a WISP, and continue to train its employees on the importance of personal information security.