Massachusetts AG Secures $795,000 Settlement for Alleged Data Security and Breach Notification Failures by Peabody Properties Inc. - DataBreaches.Net
Briefly

Massachusetts AG Secures $795,000 Settlement for Alleged Data Security and Breach Notification Failures by Peabody Properties Inc. - DataBreaches.Net
"The AG alleged that the company failed to maintain reasonable data security practices and delayed required notifications to both regulators and consumers following multiple cybersecurity breaches. According to the press release, the company manages hundreds of residential properties across Massachusetts and experienced five separate breaches between November 2019 and September 2021. Hackers accessed sensitive consumer personal information, including Social Security numbers, driver's license numbers, and bank account data, through phishing emails."
"The consent judgement imposes the following requirements: Monetary relief. The company must pay $795,000 to the Commonwealth. Cybersecurity enhancements. The company is required to implement phishing protection, multi-factor authentication, a vulnerability management program, an asset inventory, and an intrusion detection and prevention system. Security monitoring and assessments. The company must deploy a security incident and event management platform and conduct annual independent security assessments for three years."
On August 19, Massachusetts Attorney General Andrea Joy Campbell announced a $795,000 settlement with a property management company for alleged violations of the Massachusetts Consumer Protection Act and the Data Security Law. The company manages hundreds of residential properties and experienced five breaches from November 2019 to September 2021, in which phishing allowed access to Social Security, driver's license, and bank account information. Nearly 14,000 notice letters were sent, but two breaches allegedly went unreported for almost seven months. The consent judgment requires payment and cybersecurity upgrades including phishing protection, multi-factor authentication, vulnerability management, intrusion detection, deployment of a SIEM platform, and annual independent security assessments for three years. The state's announcement did not append any assurance of discontinuation or a findings and settlement document.
#data-breach #massachusetts-data-security-law #consumer-protection-act #cybersecurity-compliance
Read at DataBreaches.Net
Unable to calculate read time
[
|
]