TRENTON, N.J. – Legislation sponsored by Assemblyman Jay Webber requiring companies to notify users of online security breaches is headed to Gov. Phil Murphy’s desk. The bill (S52/A3245) unanimously passed the Assembly today, after approval in June by the Senate.
Webber’s measure expands a list of breaches requiring notification to include user names, email addresses and any identifying information that can be used with a password or security question to access an online account. Driver’s license and social security numbers, account numbers, and credit or debit card numbers are already included.
“Online customers expect their personal and financial data to be protected,” said Webber (R-Morris). “Security breaches can result in financial loss or identity theft for innocent victims, so customers should be informed of a breach as soon as it is discovered to allow them to change passwords and monitor accounts for fraudulent activity.”
A report released last week by security intelligence vendor Risk Based Security found 5 billion records were exposed by breaches in 2018.
Recently, Marriott announced that more than a half million customer accounts have been exposed to hackers. Last year, customer data was compromised at Uber, Facebook, Dunkin’ Donuts, British Airwaves and T-Mobile.
The largest online breach occurred in 2013-2014, when the accounts of 3 billion Yahoo users were compromised.