Attorney General Pam Bondi, along with the 49 other attorneys general and the District of Columbia, today reached a settlement with Uber Technologies, Inc. for allegedly failing to comply with the Florida Information Protection Act and other related laws. [Read more…] about $148 Million Settlement Reached with Uber for Data Breach
- Changing your passwords on all your accounts regularly.
- Checking your credit report at least annually with the three national credit reporting agencies (Equifax, Experian, and TransUnion).
- Shredding or destroying all documents with personal identifying information when you are finished with them.
- Never verifying or giving personal identifying information over the phone or through email, especially if the contact was unsolicited.
- Request fraud alerts on your accounts and your credit report.
- Check: Watch for suspicious or unauthorized transactions on your financial, professional and personal accounts. Contact the sender immediately if financial statements or bills do not arrive on time.
- Contact: File a report with the Federal Trade Commission, the FBI’s Internet Crime Complaint Center and local law enforcement. Contact your financial institutions to alert them, and to replace your debit and credit cards. Request a freeze of your credit reports from the three national credit reporting agencies (Equifax, Experian, and TransUnion).
- Collect: Collect all evidence that you may have to support your claim. This could be cancelled checks, credit card receipts, unusual email messages, etc.
Attorney General Pam Bondi, 31 other state attorneys general and the District of Columbia today announced a $5.5 million settlement reached with Nationwide Mutual Insurance Company and its subsidiary, Allied Property & Casualty Insurance Company, concerning an October 2012 data breach. The data breach resulted in the loss of personal information belonging to 1.27 million consumers, including their Social Security numbers, driver’s license numbers, credit scoring information and other personal data. Nationwide collected this personal information to provide insurance quotes to consumers applying for insurance. Nationwide’s alleged failure to apply a critical security patch led to the loss of the personal information.
The settlement requires Nationwide to take a number of steps to both generally update security practices and to ensure the timely application of patches and other updates to security software. Nationwide must also hire a technology officer responsible for monitoring and managing software and application security updates. The tech officer will supervise employees responsible for evaluating and coordinating the maintenance, management and application of all security patches and software and application security updates.
Nationwide agrees to take steps during the next three years to strengthen its security practices, including:
- Updating procedures and policies relating to the maintenance and storage of consumers’ personal data;
- Conducting regular inventories of the patches and updates applied to its systems, performing internal assessments of patch management practices and hiring an independent provider to perform annual audits; and
- Maintaining and utilizing system tools to monitor the health and security of systems used to maintain personal information.
Many of the consumers affected by the data breach never became Nationwide insured, but the company retained these consumers’ data to more easily provide the consumers re-quotes at a later date. The settlement requires Nationwide to be more transparent about data collection practices by requiring the disclosure to consumers that Nationwide retains personal information even if the consumers do not become customers.
In addition to Florida, a lead state in the investigation, participants in the settlement include: Alaska, Arizona, Arkansas, Connecticut, Hawaii, Illinois, Indiana, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Mississippi, Missouri, Montana, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington and the District of Columbia.
To view a copy of the settlement, click here.
Attorney General Pam Bondi and 47 other attorneys general are announcing the largest multistate data breach settlement achieved to date. The $18.5 million settlement with Target Corporation resolves the states’ investigation into the retail company’s 2013 data breach that affected more than 41 million customer payment card accounts and contact information for more than 60 million customers. Florida served on the executive committee for the investigation.
“This data breach jeopardized the financial information of millions of Target customers in Florida and across the nation,” said Attorney General Bondi. “Under our multistate settlement announced today, Target consumers are now better protected from cyberattacks.”
The states’ investigation found that cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor. The attackers used the credentials to exploit weaknesses in Target’s system that allowed access to a customer service database, installation of malware on the system and the capture of data. Consumer data included full names, telephone numbers, email addresses, mailing addresses, payment card numbers, card expiration dates, CVV1 codes and encrypted debit PINs.
In addition to the monetary payment to the states, the settlement agreement requires Target to develop, implement and maintain a comprehensive information security program and to employ an executive or officer responsible for executing the plan. The company is also required to hire an independent, qualified third-party to conduct a comprehensive security assessment.
As part of the settlement, Target is required to implement security measures including:
- Maintain and support software on its network;
- Segment its cardholder data environment from the rest of its computer network;
- Maintain appropriate encryption policies, particularly as it pertains to cardholder and personal information data; and
- Undertake steps to control access to its network, including implementing password rotation policies and two-factor authentication for certain accounts.
In addition to Florida, the following participated in this settlement: Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington and West Virginia and the District of Columbia.
To view a copy of the settlement, click here.
The Florida Department of Agriculture and Consumer Services today notified 469 customers that their social security numbers may have been obtained as part of a data breach that appears to have originated from overseas and is offering free credit protection for one year to these individuals. No financial information was obtained in this data breach, which is the first that has occurred during this administration.
Commissioner Putnam has ordered a comprehensive review of the department’s cybersecurity measures, and the Florida Department of Law Enforcement is assisting the department with its active investigation.
The social security numbers that may have been obtained had been entered in an online field where either a social security number or Federal Employer Identification Number could be entered. In 2009, the department began only to request a FEIN in this field and stopped the prior practice of requesting either a social security number or FEIN.
Additionally, names of 16,190 concealed weapon licensees, which is less than one percent of total number of concealed weapon licensees, may also have been obtained; however, no other individually identifying information of the concealed weapon licensees was compromised. Only concealed weapon licensees who renewed online may have had their names accessed. The department’s Office of Inspector General determined that there is no risk of identity theft to these licensees.
Other information possibly accessed per the data breach is all public information and poses no risk of identity theft. The breach occurred through the online payment system; although, the hackers were unsuccessful in obtaining any financial information. The department takes cybersecurity seriously and acted quickly to mitigate the effects of this breach. The privacy of the department’s customers is a top priority and will remain so.
Individuals who have concerns regarding their personal information should take the following steps:
- Obtain a free credit report at www.AnnualCreditReport.com;
- Place a fraud alert on your credit report if you believe your information has been compromised;
- Closely monitor financial information;
- Report any suspicious activity to local law enforcement; and
- Check credit reports and credit card statements periodically.
Individuals can get a free credit report once a year by contacting:
- TransUnion: 1-800-680-7289, Transunion.com;
- Equifax: 1-800-525-6285, Equifax.com; and
- Experian: 1-888-397-3742, Experian.com.
Customers who may have been affected by this data breach can call 1-800-350-1119 for more information.