The Legal Examiner Affiliate Network The Legal Examiner The Legal Examiner The Legal Examiner search instagram avvo phone envelope checkmark mail-reply spinner error close The Legal Examiner The Legal Examiner The Legal Examiner
Skip to main content

In 2014, Visionworks, an eye care retailer, misplaced two computer servers that potentially had sensitive personal information.  Bloomberg reports that they have now settled with the Maryland Attorney General over these poor practices:

While upgrading to fully encrypted servers at its stores in Annapolis, Md., and Jacksonville, Fla., Visionworks didn’t adequately secure consumers’ personal information, according to the Office of the Attorney General.

The company left the old servers—which contained customer names, addresses, dates of birth, purchasing histories and health insurance information—unsecured in the two stores, the office said. The old servers also contained three days of encrypted credit card data, it said.

Both servers were misplaced by accident and were likely taken to landfills, the office said.

The settlement with the Maryland AG’s office states that credit monitoring and insurance will be offered to customers who potentially lost sensitive informatino, as well as a $100,000 fine paid to the State of Maryland.

Visionworks denies the allegations and claims that “no personal information, including health information was compromised.

Enforcement actions by the states attorneys general is one way that data breach can be combated; and its an important way.  We are happy to see Maryland’s Attorney General Office take this action and press businesses to be more careful in their control and destruction of personal information.

Comments for this article are closed.