The New Jersey Attorney General and the Division of Consumer Affairs entered into a settlement agreement with a group of affiliated real estate and finance companies for security breaches and violations of the New Jersey Consumer Fraud Act, the Identity Theft Protection Act, and the Gramm-Leach-Bliley Act.
The companies involved had previously failed to implement adequate cybersecurity safeguards which resulted in three separate data breaches. These breaches compromised the data of at least 10,926 consumers and employees. This included close to 7,000 New Jersey residents. The breach meant unauthorized access was gained to the following information:
- Names
- Addresses
- Social Security numbers
- Credit card information
- Driver license numbers
- Other government identification numbers
- Payroll deductions
Settlement
A settlement was agreed to resolve the investigation of $1,200,000. $1,074,350.00 of that will be allocated to the Division’s civil penalty claims and the remaining $125,650.00 will go to the reimbursement of attorney’s fees and investigative costs.
Agreed Upon Actions
The companies will now be required to commit to a number of actions as laid out in the agreement.
- Maintain a comprehensive security program that includes regular updates to keep pace with changes in technology and security threats
- Retain an independent third party to assess the information security program and prepare an annual report of findings to confirm compliance with the provisions of the settlement
- Maintain an appointed qualified individual as Chief Information Security Officer
- Encrypt all sensitive customer information held or transmitted by the companies
- Implement and maintain multi-factor authentication for any individual accessing any information system connected to the companies’ network
- Maintain a risk assessment program to identify, address, and remediate risks affecting their network.
Security threats can be hard to track and are constantly evolving. Value Privacy can do a full health check on your companies and any third parties that you work with to assess where you may be at risk of a cyber attack. Find out more or contact us to chat about how we can help you.
