On June 6, 2019, the Attorney General of New York announced a settlement with Bombas LLC, an on-line sock retailer, which resolves the investigation into a breach of customer payment card information belonging to 39,561 consumers. According to the Attorney General, hackers introduced malicious software code into the platform code supporting Bombas’ website in September 2014. In November of that year, Bombas discovered the malicious code, and then waited two months to remediate. Moreover, the company waited until May 2018 to notify the affected consumers and relevant New York agencies. The attorney General found that Bombas’ behavior violated General Business Law §§ 899-aa, which requires notification within an expedient time-period and without unreasonable delay. In addition to a monetary settlement of $65,000, Bombas has agreed to injunctive provisions to prevent future violations, including expeditious investigations of future data security breaches and employee training.
June 18, 2019
On-line retailer resolves data breach notification delay with New York authorities
Related by Topic
Florida-based defendants banned from making robocalls for alleged TCPA violations
August 21, 2023
News Alert
FCC issues largest TCPA penalty ever
August 3, 2023
News Alert
Federal judge rules that attorneys’ fees are not available under BIPA absent a showing of bad faith
August 2, 2023
News Alert