Connecticut Attorney General Seeks Information on LivingSocial Network Breach
As many as 50 million accounts – including about 29 million American customers – were affected when hackers accessed parts of LivingSocial, Inc.’s computer network. Connecticut Attorney General George Jepsen and Maryland Attorney General Douglas F. Gansler yesterday asked the daily deals Web site for more information about the potential consumer impact of this data breach.
“Once LivingSocial learned of this breach, the company provided affected Connecticut consumers and my office with notice of the incident,” said Attorney General Jepsen. “Now, it’s important to evaluate how this breach happened and what information was compromised so that we can ensure consumers are properly protected now and in the future. I’m pleased to partner with Attorney General Gansler in seeking this information on behalf of consumers in our states.”
The Attorneys General have asked the company to provide a detailed timeline of the incident, including when and how the company learned of the data breach, as well as a breakdown on the number of affected individuals in each state and the types of information compromised.
They are seeking information about the password protection, information storage and internal security systems the company had in place, and have asked whether the company has received any reports or complaints from users about unauthorized charges.
Additionally, among other information, they’ve requested:
• Copies of LivingSocial’s privacy policies at the time of the breach,
• Copies of any security reports or forensic analyses related to the incident, and
• An outline of any plan developed to prevent the recurrence of a breach and a timeline for the plan’s implementation.
Under Connecticut law, companies are required to protect the personal information they collect from and possess about consumers. Additionally, anyone who conducts business in the state and who – in the ordinary course of business – owns, licenses or maintains computerized data that includes personal information to disclose a security breach without unreasonable delay to both the state residents whose information is believed to be compromised and the Attorney General.
Assistant Attorney General Matthew Fitzsimmons, head of the Office’s Privacy Task Force, is assisting the Attorney General with this matter.
Jaclyn M. Falkowski