READ MORE: Cap And Gown Rental Company Reports Data Breach In a series of three separate lawsuits filed in late May, college students and their families allege that Herff Jones did not do enough to protect their information and failed to inform affected customers in a timely manner after the cyber attack. The Pennsylvania investigation and settlement negotiations were handled by Senior Deputy Attorney General Tim Murphy.Multiple families have brought suit against Indianapolis-based education service company Herff Jones following a data breach that left customers’ personal and financial information unprotected. Herff Jones must comply with PCI DSS and validate compliance by engaging a PCI Qualified Security Assessor to conduct an assessment resulting in the delivery of a PCI Report on Compliance and Attestation of Compliance.Designing and implementing reasonable security measures for the protection and storing of personal information, including timely software patch updates, conducting penetration-testing of its networks, and implementing reasonable access controls such as multi-factor authentication.Conducting annual employee training to inform employees who are responsible for handling private information about the company’s data security practices.Conducting security risk assessments of its networks that stores personal information annually.
0 Comments
Leave a Reply. |