DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MA: Payment Processor to Pay $155,000 Over Data Breach Affecting Thousands of Massachusetts Residents

Posted on December 20, 2018 by Dissent

Massachusetts Attorney General had a busy day yesterday announcing enforcement actions over data breaches that had been disclosed in 2015. In addition to her announcement about the McLean Hospital settlement, she also announced a second settlement stemming from another 2015 breach that had also been reported by DataBreaches.net at the time.

A California company that processes payments for rental and vacation properties will pay $155,000 to resolve allegations that it violated consumer protection and data security laws by exposing the personal information of 6,800 Massachusetts residents online, Attorney General Maura Healey announced today. 


In the assurance of discontinuance, filed in Suffolk Superior Court, Yapstone Holdings Inc. has also agreed to comply with state laws and implement policies to improve the security of its systems and protect sensitive consumer data online.


“This company broke the law by failing to take immediate action when consumers’ personal information was at risk,” said AG Healey. “Through our settlement, Yapstone will pay a penalty and take significant steps to safeguard the personal information of customers


The AG’s Office began its investigation after Yapstone notified the office of the incident in 2015. The investigation revealed that in July 2014, while modifying Yapstone’s website, the company’s engineers accidentally removed password protections from public-facing websites used to sign users up for Yapstone’s service. These websites stored consumers’ personal information, such as bank account and social security numbers, addresses, and driver’s license numbers. The mistake rendered the webpages publicly viewable to anyone on the internet for more than a year. The investigation found that Yapstone employees appeared to have been aware of the vulnerability in August 2014 but neglected to fix it until August 2015, when another employee discovered it. 


The settlement requires Yapstone to maintain a chief information security officer, train employees on data security, and assess and update information security policies relating to changes to its systems and to external vulnerabilities. 


The AG’s Office enforces the Massachusetts Data Security Regulations, which require businesses and organizations to develop, implement, and maintain a written information security program and protect the personal information of Massachusetts consumers. 


If you believe that you have been the victim of a data breach, you will need to take additional steps to protect your credit and your personal information. For additional information, consumers may contact the Attorney General’s consumer hotline at (617) 727-8400. Guidance for businesses on data breaches can be found here.


This matter was handled by Assistant Attorneys General Jared Rinehimer and Michael Lecaroz and Director of Data Privacy and Security Sara Cable, all of the AG’s Consumer Protection Division. 

Category: Business SectorExposureOf NoteU.S.

Post navigation

← MA: McLean Hospital to Implement New Security and Training Programs After Data Breach Exposed Sensitive Health Information
DrBenLynch.com notifies customers of payment card compromise →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.