Online Contacts and Eyewear Retailer Pays $100,000 Penalty to New York AG for Security Failures

Robinson+Cole Data Privacy + Security Insider

Online retailer Provision Supply LLC (Provision Supply), operator of EZContactsUSA.com, which sells contacts and eyeglasses, settled with the New York attorney general last week over its failure to notify its web customers of a data breach that may have exposed 25,000 credit card numbers. Provision Supply will pay a $100,000 penalty and must improve its data security practices. New York Attorney General Eric T. Schneiderman said that the breach occurred back in August 2014, but Provision Supply did not learn of it until about a year later, when its merchant bank informed Provision Supply that its customers’ credit cards were displaying fraudulent charges. After learning of these fraudulent charges, Provision Supply investigated the breach and hired a third party to remove the malware, but it never informed its customers or law enforcement/the Attorney General of the incident, which is a violation of New York’s Information Security Breach and Notification Act.

Additionally, the Attorney General said that while Provision Supply’s EZContactsUSA.com website said that it was “100 percent safe and secure,” EZContactsUSA.com lacked a written security policy to address security issues, had no effective server and firewall configurations to guard against unauthorized access, and did not install anti-virus or anti-malware software or conduct reviews of site performance and security configuration.

Since just the beginning of this year, the New York Attorney General’s office has noticed a 40 percent increase in data breach notifications to its office.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
