In 2014, Visionworks, an eye care retailer, misplaced two computer servers that potentially had sensitive personal information. Bloomberg reports that they have now settled with the Maryland Attorney General over these poor practices:
While upgrading to fully encrypted servers at its stores in Annapolis, Md., and Jacksonville, Fla., Visionworks didn’t adequately secure consumers’ personal information, according to the Office of the Attorney General.
The company left the old servers—which contained customer names, addresses, dates of birth, purchasing histories and health insurance information—unsecured in the two stores, the office said. The old servers also contained three days of encrypted credit card data, it said.
Both servers were misplaced by accident and were likely taken to landfills, the office said.
The settlement with the Maryland AG’s office states that credit monitoring and insurance will be offered to customers who potentially lost sensitive informatino, as well as a $100,000 fine paid to the State of Maryland.
Visionworks denies the allegations and claims that “no personal information, including health information was compromised.
Enforcement actions by the states attorneys general is one way that data breach can be combated; and its an important way. We are happy to see Maryland’s Attorney General Office take this action and press businesses to be more careful in their control and destruction of personal information.