On June 6, 2019, the Attorney General of New York announced a settlement with Bombas LLC, an on-line sock retailer, which resolves the investigation into a breach of customer payment card information belonging to 39,561 consumers. According to the Attorney General, hackers introduced malicious software code into the platform code supporting Bombas’ website in September 2014. In November of that year, Bombas discovered the malicious code, and then waited two months to remediate. Moreover, the company waited until May 2018 to notify the affected consumers and relevant New York agencies. The attorney General found that Bombas’ behavior violated General Business Law §§ 899-aa, which requires notification within an expedient time-period and without unreasonable delay. In addition to a monetary settlement of $65,000, Bombas has agreed to injunctive provisions to prevent future violations, including expeditious investigations of future data security breaches and employee training.
June 18, 2019
On-line retailer resolves data breach notification delay with New York authorities
Related by Topic
New Post
One Month In: What We Know About the Trump Administration’s Policies on AI, Privacy, and Cybersecurity
February 24, 2025
Insight
New Post
SEC establishes the Cyber and Emerging Technologies Unit (CETU)
February 24, 2025
News Alert
New Post
DOJ reaches $11 million settlement with healthcare support services providers to resolve alleged cybersecurity failures
February 20, 2025
News Alert