Ignoring NY SHIELD Act’s Cybersecurity Mandate Proves Costly

New York’s cybersecurity mandate under the New York SHIELD Act became effective on March 22, 2020. Because that date coincided with the beginning of the COVID-19 shutdowns, there was, in practice, an unspoken moratorium on enforcement of the Act until recently. Two years post-enactment, the NY Attorney General’s Office (NYAG) has revealed its increased focus on compliance with SHIELD, including recent settlements associated with data breaches suffered by EyeMed, Inc., Wegmans Food Markets, Inc. and Carnival Corporation.


In EyeMed, the company suffered a data breach in 2020 when cybercriminals gained access to an EyeMed email account containing sensitive emails with attachments dating back six years. The categories of information compromised included names, addresses, Social Security numbers and insurance account numbers. The NYAG investigation revealed that the hacker used the compromised account to send phishing emails to EyeMed clients, seeking to obtain login credentials. The breach affected approximately 2.1 million U.S. residents, including 98,632 New York residents.


Upon notification, the NYAG investigated EyeMed’s cybersecurity practices at the time of the breach. As a result of the investigation and subsequent enforcement proceeding, the parties reached a settlement obligating EyeMed to pay New York State $600,000 for its violation of SHIELD cybersecurity requirements, and implement the following changes immediately:


  • Maintain a comprehensive, written information security program and require multi-factor authentication for ALL administrative or remote access accounts;

  • Encrypt sensitive consumer information;

  • Conduct penetration testing to identify and remediate any security flaws within the network;

  • Implement and maintain logging and monitoring of network activity; and

  • Permanently delete consumer personal information when no longer required for legitimate business purpose.

Following EyeMed, in June, the NYAG settled with Wegmans for $400,000 after discovery of its “poor cybersecurity systems and practices.” Wegmans will now pay New Yo ..