InfoBytes Blog
New York announces $1.9 million data breach settlement with global retailer
On October 12, the New York attorney general announced a $1.9 million settlement with an international e-commerce retailer for failing to properly handle a 2018 data breach. According to the settlement, the e-commerce owns and operates two brands (collectively, “respondents”), which experienced a data breach that caused 39 million accounts to be stolen, including accounts for more than 800,000 New York residents. The AG found, among other things, that the respondents failed to properly safeguard consumers’ information, failed to adhere to requirements for protecting stored credit card data, and misrepresented the extent of the cyberattack to consumers. As a result of the settlement, the respondents are required to pay New York $1.9 million in penalties and costs, and must maintain a comprehensive information security program that includes robust hashing of customer passwords, among other things.