On July 26, 2022, the attorneys general of New Jersey, Pennsylvania, Delaware, Maryland, Virginia, Florida and Washington D.C. announced an $8 million multistate settlement with Wawa Inc. that resolves the states’ investigation into a 2019 data breach that compromised approximately 34 million payment cards used by consumers at Wawa stores and fueling locations.
Continue Reading Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million
PCI DSS
COVID-19: Temporary Work-From-Home Models and PCI DSS Compliance
Special challenges are created when emergency work-from-home orders affect payment cardholder data that is subject to the Payment Card Industry’s Data Security Standard.
Hilton Agrees to Settle Data Breach-Related Claims by NY and VT Attorneys General
On October 31, 2017, the New York and Vermont Attorneys General announced a settlement with Hilton Domestic Operating Company, Inc., to settle allegations that the company lacked reasonable data security and waited too long to report a pair of 2015 data breaches, which exposed over 350,000 credit card numbers.
Wyndham Settles FTC Charges in FTC v. Wyndham
On December 9, 2015, the FTC announced that Wyndham Worldwide Corporation settled charges brought by the FTC stemming from allegations that the company unfairly failed to maintain reasonable data security practices.
PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire
The PCI Security Standards Council recently published a set of enhanced validation procedures designed to provide greater assurance that certain entities are maintaining compliance with the PCI Data Security Standard effectively and on a continuing basis. In addition, on July 1, 2015, PCI Data Security Standard Version 3.0 is being retired and the controls previously designated by Version 3.0 as best practices will become mandatory.
PCI Security Standards Council Issues Best Practices for Mobile Payment Acceptance Security
On September 13, 2012, the PCI Security Standards Council issued new guidelines entitled “PCI Mobile Payment Acceptance Security Guidelines,” which outline best practices for mobile payment acceptance security.
PCI Security Standards Council Provides Mobile Payment Acceptance Guidance
On May 16, 2012, the PCI Security Standards Council’s Mobile Working Group published a fact sheet outlining best practices for securely accepting payments via mobile devices.
Lush Avoids ICO Fine After Website Data Breach
The UK Information Commissioner’s Office found that Lush Cosmetics Ltd. violated the Data Protection Act 1998 by having insufficient measures to protect customer data on its retail website. The ICO required Lush to process customer payment card data in compliance with the Payment Card Industry Data Security Standard but did not impose a monetary penalty on the company.
…
PCI Data Security Standards Council Provides Cloud Compliance Guidelines
On June 14, 2011, the PCI Security Standards Council’s Virtualization Special Interest Group published guidelines to provide context for the application of the Payment Card Industry Data Security Standard to cloud and other virtual environments.
…
Massachusetts Attorney General Reaches $110,000 Data Breach Settlement with Boston Restaurant Group
On March 28, 2011, Massachusetts Attorney General Martha Coakley announced a settlement with the Briar Group in connection with a 2009 data breach that jeopardized the payment card information of “tens of thousands” of consumers.
…