TRENTON, N.J. – Legislation sponsored by Assemblyman Jay Webber requiring companies to inform users of online security breaches was signed into law today.
Webber’s measure (S52/A3245) protects consumers by expanding a list of breaches requiring notification to include more online-oriented, but no less important, information, such as user names, email addresses, and any identifying information that can be used with a password or security question to access an online account. Driver’s license and social security numbers, account numbers, and credit or debit card numbers were already included.
“Digital security breaches can result in financial loss or identity theft for innocent victims just as much as breaches concerning traditional tools of identity theft,” said Webber (R-Morris). “Customers should be informed of any breach that threatens their online accounts as soon as it is discovered to allow them to change passwords and monitor accounts for fraudulent activity. Online customers rightfully expect their personal and financial data to be protected, and this new law will help meet that expectation.”
More than 5 billion records were exposed by breaches in 2018, according to a report released in February by security intelligence vendor Risk Based Security.
Recently, Marriott announced that more than a half million customer accounts were exposed to hackers. Last year, customer data was compromised at Uber, Facebook, Dunkin’ Donuts, British Airwaves and T-Mobile.
The largest online breach occurred in 2013-2014, when the accounts of 3 billion Yahoo users were jeopardized.