On July 26, 2022, the attorneys general of New Jersey, Pennsylvania, Delaware, Maryland, Virginia, Florida and Washington D.C. announced an $8 million multistate settlement with Wawa Inc. that resolves the states’ investigation into a 2019 data breach that compromised approximately 34 million payment cards used by consumers at Wawa stores and fueling locations.
Continue Reading Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million

On October 31, 2017, the New York and Vermont Attorneys General announced a settlement with Hilton Domestic Operating Company, Inc., to settle allegations that the company lacked reasonable data security and waited too long to report a pair of 2015 data breaches, which exposed over 350,000 credit card numbers.
Continue Reading Hilton Agrees to Settle Data Breach-Related Claims by NY and VT Attorneys General

The PCI Security Standards Council recently published a set of enhanced validation procedures designed to provide greater assurance that certain entities are maintaining compliance with the PCI Data Security Standard effectively and on a continuing basis. In addition, on July 1, 2015, PCI Data Security Standard Version 3.0 is being retired and the controls previously designated by Version 3.0 as best practices will become mandatory.
Continue Reading PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire

The UK Information Commissioner’s Office found that Lush Cosmetics Ltd. violated the Data Protection Act 1998 by having insufficient measures to protect customer data on its retail website. The ICO required Lush to process customer payment card data in compliance with the Payment Card Industry Data Security Standard but did not impose a monetary penalty on the company.

Continue Reading Lush Avoids ICO Fine After Website Data Breach

On March 28, 2011, Massachusetts Attorney General Martha Coakley announced a settlement with the Briar Group in connection with a 2009 data breach that jeopardized the payment card information of “tens of thousands” of consumers.

Continue Reading Massachusetts Attorney General Reaches $110,000 Data Breach Settlement with Boston Restaurant Group