- The firm was alleged for violating data security laws in the 2014 data breach incident that affected 6,800 Massachusetts customers.
- Investigation revealed that Yapstone was aware of the issue since August 2014 but failed to fix it until August 2015.
Yapstone Holdings Inc., a California-based payments platform company has agreed to pay $155,000 as a part of a settlement over a data breach case. The firm has been alleged for violating consumer protection and data security laws in the 2014 data breach incident that affected 6,800 Massachusetts customers.
About the incident
According to the investigation by the Attorney General’s Office, it was found that, in July 2014, an employee of the firm had inadvertently removed password protections from the company’s public-facing websites. The password enabled users to sign up for different Yapstone’s services.
The websites stored several personal information related to consumers such as bank account numbers, social security numbers, addresses and driver’s license numbers. Due to the lack of password protection, the websites’ data was visible to anyone on the internet for over a year.
Moreover, it was also found that the company was aware of the issue since August 2014 but failed to fix it until August 2015.
Enhancing the security
Apart from paying the fine, Yapstone Holdings Inc. has also agreed to comply with state laws. It will implement policies and security tools to improve the security of its systems and protect the data of its consumers.
“This company broke the law by failing to take immediate action when consumers’ personal information was at risk. Through our settlement, Yapstone will pay a penalty and take significant steps to safeguard the personal information of customers,” said Attorney General Maura Healey, Cape Cod Community News reported.
As a part of the settlement, Yapstone is also required to hire a chief information security officer and train its employees on data security.