NY A.G. settles with online retailer Bombas which failed to notify data breach involving credit cards details

Author: FGC

On June 6, 2019 Attorney General Letitia James, announced a $65,000 settlement with online retailer Bombas LLC for failing to provide notice of payment cards consumers’ data breach that affected 39,561 consumers.

In 2014 unauthorized intruders inserted malicious software code to steal payment card information into the ecommerce platform supporting Bombas’ website. Intruders accessed customer information (such as names, addresses, and credit card information) of 39,561 payment card holders.

Bombas started notification to the affected consumers only 3 years after the breach occurred, violating General Business Law §§ 899-aa.

Bombas offered the potentially affected customers two years of free credit monitoring, fraud consultation, and identity theft restoration services. The company also agreed to a number of injunctive provisions aimed at preventing similar breaches in the future.

“New Yorkers deserve to shop with confidence and have faith that their personal information will be protected,” said Attorney General Letitia James.

New York Attorney General Letitia James’s press release is available at https://ag.ny.gov…


For more information on how a data breach could impact your business Francesca Giannoni-Crystal and  Federica Romanelli