Cardholder Data: Online Retailer Settles with NY AG for $200,000 Following Data Breach

The retailer failed to implement a security patch for a known vulnerability in code used in its online checkout process, which led to the compromise of customers’ credit card data; the retailer must establish an information security program that complies with requirements under New York state law, implement security controls (i.e., encryption, segmentation, penetration testing) and an incident response plan, and obtain an assessment by a PCI SSC Qualified Security Assessor.

Total
0
Shares
Previous Post

Privacy Principles: OAS Adds New Privacy and Data Protection Principle

Next Post

SSC GDPR: European Commission Adopts New Standard Contractual Clauses

Related Posts
Total
0
Share
en_USEN