Modern sock maker, Bombas, recently settled with New York over a credit card breach, agreeing to pay $65,000 in penalties. According to the NYAG, malicious code was injected into Bombas’ Magento ecommerce platform in 2014. The company addressed the issue over the course of 2014 and early 2015, and according to the NYAG, determined that bad actors had accessed customer information (names, addresses and credit card numbers) of almost 40,000 people. While the company notified the payment card companies at the time, it concluded that it did not need to notify impacted individuals because the payment card companies “did not require a formal PFI or otherwise pursue the matter beyond basic questions.”
Continue Reading Bombas Settles with NYAG Over Credit Card Data Breach
![Photo of Emilio Cazares](https://sheppardmullinplatform.com/wp-content/uploads/sites/52/userphoto/231.jpg)
Emilio Cazares
Emilio Cazares is an associate in the Intellectual Property Practice Group in the firm's San Diego (Del Mar) office.
Talk About Ironic: Brexit Group Fined Under EU-Related Privacy Regulations
In an ironic twist, the British Information Commissioner’s Office (ICO) recently fined a Brexit advocacy group for violating regulations issued under an EU directive. The fines, totaling £120,000, were levied against Leave.EU and a related insurance company, Eldon Insurance, for sending marketing emails to each other’s subscribers without sufficient consent. Leave.EU had sent marketing emails to over 300,000 of Eldon’s customers, and the two entities had carried out unlawful joint marketing campaigns through Leave. EU’s mailing list.
Continue Reading Talk About Ironic: Brexit Group Fined Under EU-Related Privacy Regulations