Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs.
Continue Reading Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches

On May 23, 2017, Target reached a settlement with the Attorneys’ General of 47 states and the District of Columbia to resolve the states’ investigation of Target’s 2013 data breach.
Continue Reading Target and State Attorneys General Resolve Investigation with Largest Multi-State Breach Settlement to Date

On November 7, 2016, Adobe Systems Inc. entered into an assurance of voluntary compliance with 15 state Attorneys General to settle allegations that the company lacked proper measures to protect its systems from a 2013 cyber attack that resulted in the theft of the personal information of millions of customers.
Continue Reading Adobe Settles Multistate Data Breach Enforcement Action

On July 1, 2015, Connecticut’s governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness, that amends and updates the state’s data breach notification law and imposes certain data security requirements on health insurers and state contractors.
Continue Reading Connecticut Passes New Data Protection Measures into Law

On March 12, 2013, Connecticut Attorney General George Jepsen announced that a coalition of 38 states had entered into a $7 million settlement with Google Inc. (“Google”) regarding its collection of unsecured Wi-Fi data via the company’s Street View vehicles between 2008 and 2010. The settlement is the culmination of a multi-year investigation by the states that we first reported on in 2010.

Continue Reading Google Enters into Multi-State Wi-Fi Settlement

On June 15, 2012, Connecticut Governor Dannel Malloy approved amendments to the state’s breach notification law requiring businesses to notify the state Attorney General in the event of a data security breach. One week later, Senator Pat Toomey (R-PA) introduced the Data Security and Breach Notification Act of 2012 in an effort to create a national breach notification standard.
Continue Reading Connecticut Amends State Breach Law Amid Introduction of Federal Breach Notification Legislation

On January 24, 2011, Connecticut Attorney General George Jepsen announced that MetLife had agreed to pay $10,000 and implement or enhance its data protection policies and procedures in response to a November 2009 disclosure of customer personal information on the Internet.
Continue Reading Connecticut AG Announces Agreement with MetLife over 2009 Breach Incident