DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Vermont Attorney General Sorrell Requires Security Upgrades And Assesses Penalty For Security Breach Violations

Posted on September 11, 2013 by Dissent

Attorney General William Sorrell has reached a settlement with Natural Provisions, a grocery store in Williston, Vermont in which Natural Provisions agreed to spend $15,000 to significantly upgrade its computer security system to exceed minimum legal protections, and to pay $15,000 to the State, in addition to other injunctive relief. The settlement resolves allegations that Natural Provisions failed to promptly notify its customers of a substantial data security breach and failed to expeditiously correct vulnerabilities in its system to fix its security. Consequently, Vermont consumers had credit cards compromised resulting in tens of thousands of dollars of credit card fraud. “In this age of increasing digital and electronic commerce, businesses must be ever more vigilant to guard against identity theft and the immense financial losses and headaches that can follow the theft of important personal information,” said Attorney General Sorrell.

The security breach at Natural Provisions involved theft of credit card numbers used at the store in 2012. When banks traced the fraud back to Natural Provisions, the store was informed that it was the likely source of the fraud. Under Vermont law, a company must notify the Attorney General within 14 days of the discovery of a breach, notify its customers within 45 days, and quickly take steps to remedy the breach. Natural Provisions failed to meet these standards. After it first obtained information that a security breach might have occurred at its store, it did not commence taking remedial action to resolve the security vulnerability for more than a month. It did not notify the Office of the Attorney General, comply with the Data Breach Notification Act, or complete remedial action necessary to resolve the security vulnerability for more than forty-five days. Prior to the security vulnerability being resolved, tens of thousands of dollars of credit card fraud took place. Some consumers had their credit cards compromised, had cards reissued, and had the new cards compromised after use at Natural Provisions.

By some estimates, over half of all data breaches take place at small businesses, which tend to be easy targets due to inadequate security. When companies suffer a breach and quickly inform the Attorney General as required by law, the office typically attempts to work with the company to foster compliance with Vermont’s laws and to fix the security problem, hopefully avoiding the necessity of taking any enforcement action. Assistance has included offers of free forensic analysis and security advice.

Further information about data security can be found at:

http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-data-security.php#CCC.

SOURCE: Attorney General Sorrell

Related posts:

  • Madison Square Garden Company Alerts Customers of Payment Card Data Breach
Category: Breach IncidentsBusiness SectorCommentaries and AnalysesID TheftOf NoteU.S.

Post navigation

← NY: Brewster salon owner stole from customers to pay for vacation, flight – Feds
Medical ID theft rates, costs continue to climb as consumers fail to protect their info or to report crime – Report →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.