Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

State AGs announce settlement to resolve alleged data security breach

Privacy, Cyber Risk & Data Security State Attorney General State Issues New Jersey Pennsylvania Data Breach Settlement

Privacy, Cyber Risk & Data Security

On July 26, a coalition of state attorneys general, co-led by the New Jersey AG and Pennsylvania AG, announced a settlement with a Pennsylvania-based convenience store chain related to an alleged data breach that compromised payment cards of consumers. According to the Assurance of Voluntary Compliance, the company experienced a breach of security between April 2019 and December 2019 that exposed consumer payment card data, including customers’ card numbers, expiration dates and cardholder names in New Jersey, Pennsylvania, Florida, Delaware, Maryland, and Virginia, as well as Washington, D.C. The AGs alleged that the company “failed to employ reasonable data security measures,” in violation of the states’ Consumer Protection Acts and Personal Information Protection Acts. Under the terms of the settlement, the company—without admitting to the allegations—has agreed to pay an $8 million fine, of which New Jersey is to receive approximately $2.5 million. The settlement also requires the company to strengthen its network protections and take measures to better protect consumer payment data.