Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse - Lexology

2022-07-15 07:26:46 By : Ms. A OuJin


On June 30, 2022, the New York Office of the Attorney General (“NYOAG”) announced a $400,000 agreement with Wegmans Food Markets, Inc. (“Wegmans”) in connection with a cloud storage security issue. The NYOAG alleges that Wegmans exposed the personal information of three million consumers by storing the data in misconfigured cloud storage containers.

In April 2021, a security researcher informed Wegmans, a New York-based supermarket chain, that one of the company’s cloud storage containers hosted on Microsoft Azure was left unsecured and open to public access, potentially exposing customers’ personal information. The cloud storage container was publicly accessible from its creation in January 2018 and housed a database backup file of over three million records of customer email addresses and account passwords.

In May 2021, Wegmans discovered a second misconfigured cloud storage container. The second container, misconfigured from its creation in November 2018, contained a database with customers’ names, email addresses, mailing addresses and additional data derived from drivers’ license numbers. In June 2021, Wegmans began notifying affected customers whose personal information was compromised by the issue.

Among other problems, the NYOAG alleges that Wegmans failed to (1) appropriately configure the cloud storage containers to limit access to their contents; (2) inventory its cloud assets containing personal information; (3) secure all user passwords; (4) regularly conduct security testing of its cloud assets; and (5) maintain long-term logs of its cloud assets. In its agreement with Wegmans, the NYOAG noted that the company’s online privacy policy claimed to make securing customers’ personal information “a top priority.” As a result, the NYOAG alleges Wegmans violated New York data security and consumer protection laws.

In addition to paying a $400,000 penalty, the agreement requires Wegmans to adopt new data security measures, including:
