Attorney General George Jepsen of CT and Attorney General Douglas Gansler of Maryland have written to LivingSocial to request more information on their recent breach and how it may impact consumers. Their actions were announced in a press release yesterday.
The Attorneys General have asked the company to provide a detailed timeline of the incident, including when and how the company learned of the data breach, as well as a breakdown on the number of affected individuals in each state and the types of information compromised.
They are seeking information about the password protection, information storage and internal security systems the company had in place, and have asked whether the company has received any reports or complaints from users about unauthorized charges.
Additionally, among other information, they’ve requested:
• Copies of LivingSocial’s privacy policies at the time of the breach,
• Copies of any security reports or forensic analyses related to the incident, and
• An outline of any plan developed to prevent the recurrence of a breach and a timeline for the plan’s implementation.
You can read their full letter here. As of April 26, when LivingSocial reported the breach to the New Hampshire Attorney General’s Office, they indicated that the number of individuals in each state was “uncertain” and that they were “working on methods to develop reliable estimates.”