Skye Witley reports:
Internet commerce services vendor Freestyle Solutions Inc. must face a trimmed-down lawsuit alleging it misled customers about its cybersecurity practices before hackers gained access to its network, a federal New Jersey court ruled.
Freestyle succeeded in dismissing most of the claims, including negligence, but will have to defend issues surrounding its contract language, Judge Susan D. Wigenton ruled Friday for the US District Court for the District of New Jersey.
Read more at Bloomberg Law (sub. req.)
The complaint alleges that Freestyle’s contract language had assured PulseTV that it was PCI DSS-compliant when it wasn’t. Payment card information of over 236,000 of PulseTV’s customers was compromised in a data breach that continued for more than a year. The breach was only discovered because PulseTV was sent alerts about them being a Common Point of Compromise in March 2021, and then received more alerts in October 2021. The breach was confirmed in 2022 when they retained Kroll to investigate after previous investigations failed to uncover the breach. Data from the breach is reportedly on the dark web.