Hilton Settles Data Breach Investigations with NY and VT AGs

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

Hilton Domestic Operating Co., Inc. (Hilton) has agreed to pay the New York and Vermont Attorneys General $700,000 to settle allegations that they violated those state consumer protection and data breach notification laws when it failed to implement reasonable security measures to protect consumer data and for waiting nine months to notify consumers of a data breach.

Hilton suffered two malware intrusions—the first was discovered in February 2015 and had exposed consumer data from November 18, 2014, and December 5, 2014. Hilton then discovered a second malware infection in July of 2015. This incident exposed 363,952 credit card numbers. Hilton publicly disclosed the breaches on November 24, 2015, which the AGs found to be unreasonable, despite the fact that Hilton claimed there was no evidence that the data had been exfiltrated from its system.

In addition to the payment of the monetary penalty, Hilton has agreed to implement a comprehensive information security program designed to protect consumers’ credit card information.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide