DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Vermont Attorney General Sorrell Requires Security Upgrades And Assesses Penalty For Security Breach Violations

Posted on September 11, 2013 by Dissent

Attorney General William Sorrell has reached a settlement with Natural Provisions, a grocery store in Williston, Vermont in which Natural Provisions agreed to spend $15,000 to significantly upgrade its computer security system to exceed minimum legal protections, and to pay $15,000 to the State, in addition to other injunctive relief. The settlement resolves allegations that Natural Provisions failed to promptly notify its customers of a substantial data security breach and failed to expeditiously correct vulnerabilities in its system to fix its security. Consequently, Vermont consumers had credit cards compromised resulting in tens of thousands of dollars of credit card fraud. “In this age of increasing digital and electronic commerce, businesses must be ever more vigilant to guard against identity theft and the immense financial losses and headaches that can follow the theft of important personal information,” said Attorney General Sorrell.

The security breach at Natural Provisions involved theft of credit card numbers used at the store in 2012. When banks traced the fraud back to Natural Provisions, the store was informed that it was the likely source of the fraud. Under Vermont law, a company must notify the Attorney General within 14 days of the discovery of a breach, notify its customers within 45 days, and quickly take steps to remedy the breach. Natural Provisions failed to meet these standards. After it first obtained information that a security breach might have occurred at its store, it did not commence taking remedial action to resolve the security vulnerability for more than a month. It did not notify the Office of the Attorney General, comply with the Data Breach Notification Act, or complete remedial action necessary to resolve the security vulnerability for more than forty-five days. Prior to the security vulnerability being resolved, tens of thousands of dollars of credit card fraud took place. Some consumers had their credit cards compromised, had cards reissued, and had the new cards compromised after use at Natural Provisions.

By some estimates, over half of all data breaches take place at small businesses, which tend to be easy targets due to inadequate security. When companies suffer a breach and quickly inform the Attorney General as required by law, the office typically attempts to work with the company to foster compliance with Vermont’s laws and to fix the security problem, hopefully avoiding the necessity of taking any enforcement action. Assistance has included offers of free forensic analysis and security advice.

Further information about data security can be found at:

http://www.atg.state.vt.us/issues/consumer-protection/privacy-and-data-security.php#CCC.

SOURCE: Attorney General Sorrell

Category: Breach IncidentsBusiness SectorCommentaries and AnalysesID TheftOf NoteU.S.

Post navigation

← NY: Brewster salon owner stole from customers to pay for vacation, flight – Feds
Medical ID theft rates, costs continue to climb as consumers fail to protect their info or to report crime – Report →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.