On June 6, 2019, the Attorney General of New York announced a settlement with Bombas LLC, an on-line sock retailer, which resolves the investigation into a breach of customer payment card information belonging to 39,561 consumers. According to the Attorney General, hackers introduced malicious software code into the platform code supporting Bombas’ website in September 2014. In November of that year, Bombas discovered the malicious code, and then waited two months to remediate. Moreover, the company waited until May 2018 to notify the affected consumers and relevant New York agencies. The attorney General found that Bombas’ behavior violated General Business Law §§ 899-aa, which requires notification within an expedient time-period and without unreasonable delay. In addition to a monetary settlement of $65,000, Bombas has agreed to injunctive provisions to prevent future violations, including expeditious investigations of future data security breaches and employee training.
June 18, 2019
On-line retailer resolves data breach notification delay with New York authorities
Related by Topic
President Trump issues new executive order that reprioritizes cybersecurity efforts to protect the United States
June 11, 2025
News Alert
CISA announces the release of best practices for securing AI data
May 23, 2025
News Alert