BreachExchange mailing list archives
Sock company Bombas fined over data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 7 Jun 2019 05:14:56 -0500
https://nypost.com/2019/06/06/sock-company-bombas-fined-over-data-breach/

Sock-maker Bombas has settled the most uncomfortable data-breach probe in the history of feet.

New York Attorney General Letitia James on Thursday announced that Bombas LLC — whose ads call their products “the most comfortable socks in the history of feet” — will pay $65,000 in fines for waiting three years to tell 39,561 online customers that their credit and debit card data had been breached.

The online socks retailer will also “implement a number of data security policies” to ensure customer cards are safer, and any future breaches are reported immediately, the AG said in a press statement.

“New Yorkers deserve to shop with confidence and have faith that their personal information will be protected,” James said.

The data breach happened Sept. 27, 2014, when hackers inserted card-data-stealing malware into the platform that supported the Bombas website, James said.

Bombas discovered the hack on Nov. 29, 2014, but did not fix the problem until Jan. 15, 2015, two weeks later.

Adding insult to injury, a few weeks after that, Bombas accidentally reintroduced the malware into the website, the AG said.

The retailer — which says it donates a pair of socks to homeless shelters for every pair bought — failed to permanently delete the bad code until Feb. 8, 2015, the AG said.

And it didn’t tell consumers about the breach until May 2018, more than three years after first learning of it, in violation of state law.

Only at that point did Bombas offer consumers two years of free credit monitoring and ID theft services as required by law.

“It was determined that the intruders accessed customer information including names, addresses, and credit card information of 39,561 payment card holders — roughly 2,971 of whom were New Yorkers,” James said.

The retailer said of the settlement: “Bombas is pleased to close out this 2014 security incident. Our e-commerce protections and capacities have grown immensely over the last five years, and we remain committed to our customers’ security and satisfaction, as well as our efforts to improve the community where we all work and live.”