Jeweler Files Lawsuit Over IT Breach
PRIVACY LAW—U.S.February 10, 2012
A Chicago-based jeweler has filed a lawsuit against an IT consulting firm, claiming the company's negligence made it possible for unauthorized entities to access customers' financial data between April and August 2010, reports the Chicago Tribune. According to the suit, a consultant from BridgePoint Technologies advised C.D. Peacock to go around a faulty VPN connection and allegedly assured the jeweler that this move would be secure. "Circumventing the VPN led almost immediately to a serious security breach," the company said in its lawsuit. Malicious software was installed on the jeweler's credit card system, allowing hackers to "access the confidential personal data and financial information of C.D. Peacock's customers," which was then transferred to a remote system. The lawsuit did not specify how many customers were affected.