- Between February and August an “unauthorized plugin” on the PupBox website caused the personal and credit card information of approximately 30,000 consumers to be stolen by an unauthorized third party.
- The complaint asserts, on information and belief, that the cyberattack resulted from the defendants’ failure to encrypt payment card data (PCD) at the point of sale and/or that the defendants “failed to install updates, patches, and malware protection or to install them in a timely manner to protect against a data security breach; and/or failed to provide sufficient control employee credentials and access to computer systems to prevent a security breach and/or theft of PCD.”
- Sensitive data should be retained for only as long as necessary and stored in an encrypted database with limited access. Contracts with service providers should mandate strong data security practices as well. The time and effort expended on data protection have proven to be well worth the investment.
JDSupra | December 28, 2020