NEWARK — The state of New Jersey has reached a settlement agreement with a data management software developer to resolve charges that the company allowed unauthorized public Internet access to a database containing the personal information of customers and employees of more than 100 auto dealerships.
According to New Jersey Attorney General Gurbir Grewal's office, data belonging to at least 2,471 New Jersey residents was found in a database of Lightyear Dealer Technologies, doing business as DealerBuilt, during a 2016 investigation by a security researcher. The researcher was able to access Lightyear's files and retrieve names, addresses, Social Security numbers, driver's license numbers and bank account information, the Attorney General's Office said.
“Through this settlement, New Jersey is holding DealerBuilt accountable for a security lapse that exposed sensitive personal data belonging to thousands of our residents and untold numbers of consumers nationwide,” Grewal said in a statement. “As a result of our negotiations, DealerBuilt has agreed to implement comprehensive cyber-security protocols to better protect consumers in all states against the threat of identity theft or other cybercrimes.”
“Data breaches like this are a sobering reminder of what can happen when companies fail to adequately protect the sensitive data they collect and store electronically,” said Paul Rodriguez, acting director of the state's Division of Consumer Affairs.
DealerBuilt has agreed to pay $80,784, which includes $49,420 in civil penalties and $31,364 to reimburse the Division of Consumer Affairs for attorney fees, investigative costs and expert fees, according to the Attorney General's Office.