New York Attorney General Letitia James announced a settlement with public accounting firm Wojeski & Company, imposing a $60,000 penalty for failing to protect the personal data of over 4,700 New Yorkers. The firm suffered ransomware attacks that exposed sensitive information, including social security numbers and financial account details.
Wojeski, a certified public accounting firm, was found to have taken more than a year to notify victims after the breaches. The investigation revealed weaknesses in data encryption and inadequate security measures. Under the settlement, Wojeski must strengthen its cybersecurity protocols and offer affected individuals free credit monitoring for one year.
The first attack, detected on July 28, 2023, was traced back to a phishing email that compromised client files. A subsequent breach occurred on May 31, 2024, when an external firm investigating the first breach misused customer data. Both incidents were not reported to clients until November 2024.
Attorney General James emphasized the importance of robust cybersecurity for service providers: “Ransomware attacks like the ones at Wojeski put consumers at risk. Companies must do more to protect their customers’ data.”
Wojeski is required to implement a comprehensive information security program, encrypt sensitive data, and establish protocols to identify and correct network vulnerabilities. The firm will pay $60,000 in penalties as part of the settlement.
Key Facts
- State: New York
- Agency: NY AG
- Category: Cybercrime|Fraud & Financial Crimes|White Collar Crime
- Source: Official Source ↗
🔒 Get the grimiest stories delivered weekly. Subscribe free →
Browse More