The retailer failed to implement a security patch for a known vulnerability in code used in its online checkout process, which led to the compromise of customers’ credit card data; the retailer must establish an information security program that complies with requirements under New York state law, implement security controls (i.e., encryption, segmentation, penetration testing) and an incident response plan, and obtain an assessment by a PCI SSC Qualified Security Assessor.
Cardholder Data: Online Retailer Settles with NY AG for $200,000 Following Data Breach
Related Posts
Turkey’s Entire Population Has Data Leaked
It was discovered that roughly 85 million people’s data (the entire population of Turkey) had their information added…
Florida Privacy Bill maintains PRA
iapp.org/news/a/florida-privacy-bill-maintains-pra-ahead-of-house-floor-vote/
Ransomware Industrial Services
www.zdnet.com/article/ransomware-industrial-services-are-still-the-most-popular-target-but-now-cyber-criminals-are-diversifying-attacks/?ftag=COS-05-10aaa0g&taid=6177c71f35a2610001afc9a9&utm_campai…