NEW YORK (Legal Newsline) — Provision Supply LLC – doing business as EZcontactsUSA.com – will pay a $100,000 penalty and strengthen its data security practices after allegations of a data breach, New York Attorney General Eric T. Schneiderman has announced.
A third party purportedly infiltrated EZContactsUSA.com website and exposed potentially 25,000 credit card numbers and other cardholder data. EZContactsUSA, once it knew about the breach, hired a company to look into the matter and remove all malware from the website.
However, EZContactsUSA allegedly never provided notice to consumers or law enforcement, in violation of General Business Law 899-aa. This law mandates notice be provided to various government agencies as well as affected individuals when a breach occurs. Schneiderman’s office alleges EZContactsUSA also violated Executive Law 63(12) and General Business Laws 349 and 350 by misrepresenting the security and safety of its website.
“New Yorkers deserve an Internet marketplace that secures their personal information,” Schneiderman said. “No one should be exposed to identity theft or financial fraud by simply buying something over the Internet. My office will continue working to help protect hardworking New Yorkers from credit card fraud.”
Bureau of Internet and Technology deputy bureau chief Clark Russell and resident technologist Marc Kowtko handled the case.