AG James Alleges Sporting Goods Retailer Whiffed on Defending Consumer Data

Cozen O'Connor
Contact
LinkedIn
Facebook
X
Send
Embed

Cozen O'Connor

  • New York AG Letitia James settled with Sports Warehouse, Inc. and affiliated entities to resolve allegations that the online sporting goods retailer maintained poor data security practices that led to the compromise of personal information of over 136,000 New York consumers.
  • According to AG James, a cyber attacker was able to gain access to Sports Warehouse’s servers through a brute-force attack. The attacker then utilized web shells to gain access to other Sports Warehouse servers containing consumer credit card data, which later appeared on the dark web. According to AG James, Sports Warehouse failed to encrypt consumers’ private information or adopt appropriate data deletion practices.
  • Under the terms of the settlement, Sports Warehouse must pay $300,000 in penalties to the state, and improve its information security program to bolster encryption, strengthen password requirements, develop a regular penetration testing program, and revise data collection and retention practices, among other things.

Written by:

Cozen O'Connor
Cozen O'Connor
Contact
more
less

Cozen O'Connor on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide