Wegmans Pays NYS $400,000 After Consumer Personal Information Data Breach
Written by Site Hub on July 1, 2022
According to New York Attorney General Letitia James, Wegmans needs to pay $400,000 after not doing enough security testing and failing to ensure consumer information was kept private. The breach was discovered in April 2021 when a security researcher found that a cloud storage container containing consumers’ sensitive information, such as usernames and passwords for Wegman’s accounts, customers’ names, email addresses, mailing addresses, and drivers’ license numbers, was unsecured and open to public access.
After the first discovery, in May 2021 Wegmans discovered a second cloud storage container was unsecured and had been open to the public for just under three years. Wegmans stated; “Wegmans takes the security of customer information very seriously and immediately remedied the situation once it was discovered. We have improved our processes to better protect customer information in the future. While we do not agree with some of the conclusions drawn by the attorney general, we cooperated fully in the investigation and are glad it has been concluded.”
Source: 13 WHAM