Breach Could Test Tough MA Data Law
PRIVACY LAW—U.S.December 22, 2010
The CitySights NY tour company has notified certain state attorneys general that the financial data of more than 100,000 customers was stolen when a SQL injection attack hit one of its Web servers. Among those whose data were exposed are 1,850 Massachusetts residents, causing a threatpost.com report to ask, "Could this be the test case for enforcement of the state's nine-month-old data privacy law?" The breach exposed the names, addresses and full credit card account information including card verification data. "The leak...could prove to be an early test of the nation's strongest data privacy law," the report states.