New York Attorney General Letitia James announced a settlement in which National Amusements, Inc., a large movie theater operator that includes locations in the Bronx and on Long Island, will pay $250,000 for failing to adequately protect the personal information of its employees. This settlement is a significant step to strengthen digital data protection. The company’s careless cybersecurity practices were exposed by an inquiry, which directly led to a data breach that affected over 23,000 New York employees, according to the New York State Attorney General’s Office.
According to the investigation, National Amusements violated the New York Shield Act by severely failing to notify impacted employees of the breach in a timely manner, delaying notification for more than a year. Attorney General James said in a statement released by the official press release, “No employee should have their personal information and social security stolen because their employer failed to protect them.” In addition to paying the agreed-upon amount to the state of New York, National Amusements is required under the settlement to significantly upgrade their cybersecurity infrastructure in order to better protect employee data going forward.
In December 2022, National Amusements learned of the breach when a vendor reported unusual activity that was eventually connected to a hacker using employee credentials that had been taken. The attacker’s penetration efforts were made easier by the fact that Multifactor Authentication (MFA) protections were in place but not applied to some channels. Sensitive information including names, birthdates, social security numbers, passport and driver’s license numbers, and the financial and health insurance details of more than 82,000 people nationwide—including 23,365 people living in New York—were compromised in the incident, which had far-reaching consequences.
After the settlement, National Amusements reassured their patrons that the breach only affected current and past workers and contractors, not moviegoers who were attending their theaters. The business has decided to change its security procedures in a number of ways, such as implementing a thorough infosec program and upholding strict password regulations to successfully prevent unwanted access. Additionally, they will set up a strict testing program to find and fix systemic vulnerabilities as part of the effort to strengthen defenses against future cyberthreats.
This most recent step is part of Attorney General James’s ongoing efforts to hold businesses responsible for cybersecurity lapses and to fortify industry-wide data protection standards. James’ agency also issued alerts and preventive recommendations earlier this year to help consumers and companies manage cyber dangers. Deputy Bureau Chief Clark Russell and Bureau Chief Kim Berger from the OAG’s Bureau of Internet and Technology, a branch dedicated to identifying and addressing economic inequities associated with technological malpractices, oversaw this specific case.
Note: Thank you for visiting our website! We strive to keep you informed with the latest updates based on expected timelines, although please note that we are not affiliated with any official bodies. Our team is committed to ensuring accuracy and transparency in our reporting, verifying all information before publication. We aim to bring you reliable news, and if you have any questions or concerns about our content, feel free to reach out to us via email. We appreciate your trust and support!
Leave a Reply