New York Attorney General Letitia James has penalized accounting firm Wojeski & Company with a $60,000 fine following two data breaches that exposed over 4,700 New Yorkers’ personal information. The investigation revealed inadequate security measures and delayed notifications from the company.
Wojeski & Company, a certified public accounting firm, suffered a ransomware attack on July 28, 2023. It was discovered that customer social security numbers were not encrypted in parts of their network. A second breach occurred on May 31, 2024, when an employee improperly accessed and shared sensitive data. Both incidents went unreported to customers until November 2024.
Attorney General James emphasized the importance of robust data protection measures for companies handling personal information. ‘Ransomware attacks like the ones at Wojeski put consumers at risk,’ she stated. ‘Companies must do more to protect their customers’ data, and my office will not hesitate to hold them accountable.’
Under the settlement, Wojeski is required to implement stricter security standards, including comprehensive information security programs, encryption of personal information, and enhanced account management processes.
The affected individuals were offered one year of free credit report monitoring. This case serves as a stark reminder of the consequences for firms that fail to secure customer data in today’s digital landscape.
Key Facts
- State: New York
- Agency: NY AG
- Category: Cybercrime|Fraud & Financial Crimes
- Source: Official Source ↗
🔒 Get the grimiest stories delivered weekly. Subscribe free →
Browse More