AG James Recovers $400,000 From Wegmans Over Alleged Data Security Lapses

Cozen O'Connor

  • New York AG Letitia James reached a $400,000 settlement with grocery store chain Wegmans Food Markets, Inc. to resolve allegations that the personal information of more than three million consumers nationwide was exposed, including more than 830,000 New Yorkers, due to Wegmans’ failures to adopt reasonable data security practices in violation of New York State Executive Law §63(12) and General Business Law §§ 349 and 899-bb.
  • According to the AG’s office, Wegmans became aware in April 2021 that a cloud storage container had been left unsecured and publicly accessible since 2018, and subsequently identified a second exposed database in May 2021. Information including email addresses, account passwords and other sensitive information was left potentially exposed for approximately 39 months as a result of several failures of Wegmans’ data management policies, including access controls, password management, asset management, logging management and data collection and retention. Wegmans began notifying affected customers in June 2021.
  • Under the terms of the Assurance of Discontinuance, Wegmans will pay $400,000 in penalties and will overhaul its security and data management policies—particularly those relating to cloud assets—including but not limited to its asset management practices, penetration testing, centralized logging and monitoring, password policies and procedures for customer accounts, and data collection and retention practices, among other things.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cozen O'Connor | Attorney Advertising

Written by:

Cozen O'Connor