Conn., Maryland AGs seek info on LivingSocial network breach
HARTFORD, Conn. (Legal Newsline) - Connecticut Attorney General George Jepsen and Maryland Attorney General Douglas Gansler sought information Wednesday from LivingSocial Inc. about a recent data breach affecting approximately 29 million American customers. Jepsen and Gansler asked the daily deals website for further information about any potential consumer impact of the data breach. As many as 50 million accounts were affected when hackers accessed portions of LivingSocial's computer network. "Once LivingSocial learned of this breach, the company provided affected Connecticut consumers and my office with notice of the incident," Jepsen said. "Now, it's important to evaluate how this breach happened and what information was compromised so that we can ensure consumers are properly protected now and in the future. I'm pleased to partner with attorney general Gansler in seeking this information on behalf of consumers in our states." Jepsen and Gansler asked the company to provide them with a detailed timeline of the incident, including when and how the company found out about the breach, in addition to a breakdown on the number of individuals affected in each state and the kinds of information compromised. They also requested information about the information storage, password protection and internal security systems the company had in place and whether or not the company received any complaints or reports from users about unauthorized charges. Jepsen and Gansler also requested an outline of any plan developed to prevent a breach from reoccurring, a timeline of the plan's implementation, copies of any security reports or forensic analyses related to the incident and copies of the company's privacy policies at the time of the breach. Connecticut laws require companies to protect the personal information they collect from and possess about consumers. Businesses must disclose security breaches without unreasonable delay to Jepsen's office and state residents whose information may have been compromised.