NEW YORK (Legal Newsline) — Provision Supply LLC – doing business
as EZcontactsUSA.com – will pay a $100,000 penalty and strengthen its data
security practices after allegations of a data breach, New York Attorney
General Eric T. Schneiderman has announced.
A third party purportedly infiltrated EZContactsUSA.com
website and exposed potentially 25,000 credit card numbers and other cardholder
data. EZContactsUSA, once it knew about the breach, hired a company to look
into the matter and remove all malware from the website.
However, EZContactsUSA allegedly never provided notice to
consumers or law enforcement, in violation of General Business Law 899-aa. This
law mandates notice be provided to various government agencies as well as
affected individuals when a breach occurs. Schneiderman’s office alleges EZContactsUSA also violated Executive Law 63(12) and General Business Laws 349
and 350 by misrepresenting the security and safety of its website.
“New Yorkers deserve an Internet marketplace that secures
their personal information,” Schneiderman said. “No one should be exposed to
identity theft or financial fraud by simply buying something over the Internet.
My office will continue working to help protect hardworking New Yorkers from
credit card fraud.”
Bureau of Internet and Technology deputy bureau chief Clark
Russell and resident technologist Marc Kowtko handled the case.