"An investigation by the Office of the Attorney General (OAG) found that Wojeski took over a year to notify victims of the data breach, despite being required to notify victims soon after a breach. As a result of today's agreement, Wojeski must pay $60,000 in penalties and take steps to improve its cybersecurity measures. Individuals who were affected by the data breaches were offered one year of free credit report monitoring."
"Ransomware attacks like the ones at Wojeski put consumers at risk," said Attorney General James. "As an accounting firm, Wojeski should have taken stronger measures to protect New Yorkers' personal data and prevent data breaches that could lead to identity theft and other types of fraud. When New Yorkers pay for a service, they should trust that the company they are paying will not expose their private information. Companies must do more to protect their customers' data and my office will not hesitate to hold them to account."
Wojeski & Company experienced a ransomware attack on July 28, 2023 that prevented employees from accessing certain files. An employee of a firm hired to investigate the breach inappropriately accessed client data, creating an insider breach. Multiple Wojeski employees transmitted client data to external accounts without authorization. Those incidents exposed the private information of more than 4,700 New Yorkers. Wojeski delayed notifying affected individuals for more than a year despite notification requirements. The company agreed to pay $60,000 in penalties, provide one year of free credit report monitoring to victims, and implement strengthened cybersecurity measures under a settlement.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]