On June 6, 2019 Attorney General Letitia James, announced settlement with online retailer Bombas LLC for failing to provide notice of payment cards consumers’ data breach occurred to 39,561 consumers.
In 2014 unauthorized intruders inserted malicious software code to steal payment card information into the ecommerce platform supporting Bombas’ website. Intruders accessed customer information (such as names, addresses, and credit card information) of 39,561 payment card holders.
Bombas started notifying the consumers of the breach only 3 years after it occurred, violating General Business Law §§ 899-aa.
Bombas offered the potentially affected customers two years of free credit monitoring, fraud consultation, and identity theft restoration services through Kroll Inc. The company also agreed to a number of injunctive provisions aimed at preventing similar breaches in the future.
“New Yorkers deserve to shop with confidence and have faith that their personal information will be protected,” said Attorney General Letitia James.
New York Attorney General Letitia James’s press release is available at https://ag.ny.gov…
Originally published on Technethics on June 2019