On June 6, 2019, the Attorney General of New York announced a settlement with Bombas LLC, an on-line sock retailer, which resolves the investigation into a breach of customer payment card information belonging to 39,561 consumers. According to the Attorney General, hackers introduced malicious software code into the platform code supporting Bombas’ website in September 2014. In November of that year, Bombas discovered the malicious code, and then waited two months to remediate. Moreover, the company waited until May 2018 to notify the affected consumers and relevant New York agencies. The attorney General found that Bombas’ behavior violated General Business Law §§ 899-aa, which requires notification within an expedient time-period and without unreasonable delay. In addition to a monetary settlement of $65,000, Bombas has agreed to injunctive provisions to prevent future violations, including expeditious investigations of future data security breaches and employee training.
June 18, 2019
On-line retailer resolves data breach notification delay with New York authorities
Related by Topic
New Post
Cash App agrees to pay $375,000 to resolve allegations that it failed to adequately protect customer data
October 7, 2025
News Alert
New Post
Tractor Supply Company reaches historic $1.35 million settlement with privacy regulator in California
October 3, 2025
News Alert
New Post
Data Privacy Litigation Trends Against Insurers and Financial Services Companies
October 2, 2025
Insight