New York AG Settles with Filters Fast After Data Breach
Tuesday, June 1, 2021
Data Breach FIlters Fast LLC NY Settlement Hacking
Print Mail Download i

On May 18, 2021, New York Attorney General (“AG”) Letitia James announced a settlement agreement with Filters Fast LLC (“Filters Fast”) over a data breach that compromised personal information of approximately 324,000 consumers nationwide, including over 16,500 New York state residents. The breach affected purchases made on Filters Fast website for almost a year – from July 16, 2019 to July 10, 2020.

Filters Fast, an online air and water filter retailer, was notified by a credit card payment system management company on February 25, 2020 that its website had been flagged as a common point of purchase (“CPP”) for unauthorized credit card purchases. The CPP notification came seven months after an attacker exploited a known vulnerability in a plugin on the Filters Fast website that allowed the attacker to collect the names, billing addresses, expiration dates, validation codes and primary account numbers of customers who purchased products on the website via credit card.

After the CPP notification, Filters Fast conducted an internal investigation but found insufficient evidence of a breach. At the request of a payment card brand, Filters Fast eventually engaged an outside forensic investigator that initially also did not find evidence of a breach, but in late July 2020, discovered the plugin vulnerability. A software patch to fix the vulnerability had been issued three years prior to Filters Fast being attacked, but the company did not implement the patch until July 10, 2020.

Under the terms of the settlement, Filters Fast is required to pay the state of New York $200,000 ($100,000 of which is suspended on the condition that Filters Fast did not “materially misstate[]” its financial position). In addition, Filters Fast will be required to

  1. execute and enforce systems and security measures to prevent future data breaches;

  2. create a security program to ensure regular updates and reports to Filters Fast’s CEO;

  3. execute an incident response and data breach notification plan to identify, contain, eradicate and recover from breaches; and

  4. ensure that third-party security assessments take place over the next five years

Attorney General James stated that the settlement exemplifies the New York AG’s dedication to protect online consumers and to “use every available tool to hold companies accountable when they fail to safeguard personal information.”

Read the settlement.

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.

Current Legal Analysis

More from Hunton Andrews Kurth

Senators Introduce Stablecoin Bill
by: Scott H. Kimpel
FTC Poised to Finalize Noncompete Rule
by: Katherine Pauly , Kevin Hahm
EDPB Issues Opinion on Pay-Or-Consent Models
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Supreme Court Rules that MD&A Omission Does Not Give Rise to a Claim for Securities Fraud
by: Scott H. Kimpel , James V. Davidson
UK ICO Launches Latest Installment in the AI Consultation Series
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
SCOTUS Decides That A Position Transfer May Violate Title VII If An Employee is Worse Off Due to Discriminatory Reasons
by: Emily Burkhardt Vicente , Steven J. DiBeneditto Jr.
IRS Issues New Favorable Pipeline Ruling for REITs
by: George C. Howell, III , Thomas W. Ford, Jr.
Treasury Proposes Stronger CFIUS Monitoring and Enforcement Rules
by: Sevren R. Gourley , Eric R. Markus
SAFETY Act Series, Part 1: The SAFETY Act Is Powerful Protection Against Emerging Liabilities
by: Lorelie S. Masters , Kevin W. Jones
The Hunton Policyholder’s Guide to Artificial Intelligence: Artificial Intelligence-Related Securities Exposures Underscore the Importance of Thorough AI Insurance Audits
by: Michael S. Levine , Geoffrey B. Fehling

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins