Attorney General William Tong announced a settlement with Guardian Analytics, Inc. and its successor Actimize, Inc., following an investigation into a data breach affecting 157,629 Connecticut residents who were customers of Webster Bank, N.A. Under the terms of the agreement, Guardian and Actimize will enhance their data security measures and pay $500,000.
“Companies like Guardian Analytics that collect and maintain our sensitive personal information have an obligation to take reasonable measures to keep that data secure. That did not happen here, compromising personal information for thousands of customers of Webster Bank, one of Guardian’s clients. As a result of today’s settlement, Guardian must pay the state $500,000 and commit to strong cybersecurity practices going forward,” stated Attorney General Tong.
Guardian specializes in behavioral analytics and machine learning to prevent banking fraud for client institutions. Financial entities such as Webster Bank provide customer data including names, account numbers, transaction details, and Social Security numbers to utilize these services. This information was compromised during a breach from November 2022 through January 2023.
The settlement addresses allegations by the Attorney General that Guardian violated Connecticut's privacy laws by not implementing adequate data security measures across its systems. Additionally, it alleges Actimize failed to properly integrate Guardian's systems after acquisition. These lapses allowed unauthorized access to personal information.
As part of the resolution, both companies have agreed to implement several cybersecurity enhancements:
- Maintaining a comprehensive security program for protecting personal information.
- Implementing integration practices with onsite inspections for acquired entities.
- Encrypting all stored or transmitted personal information.
- Conducting annual risk assessments.
- Utilizing multi-factor authentication for user accounts and remote access.
- Establishing an incident response plan for handling security incidents.
- Securing third-party assessments of their information security.
Assistant Attorneys General Kileigh Nassau and John Neumon contributed alongside Deputy Associate Attorney General Michele Lucan in this matter.