$1.2 million settlement reached with real estate firm Morris Plains

MORRIS PLAINS, NJ – A real estate company, headquartered in Morris Plains, has agreed to a settlement regarding allegations that inadequate security measures allowed unauthorized access to its network, Acting Attorney General Matthew J announced. Platkin.

Weichert Co. and its affiliates have agreed to pay $1.2 million and implement new security policies to resolve allegations that they violated New Jersey’s Consumer Fraud Act. identity theft protection and the Gramm-Leach-Bliley Act in their handling of sensitive customer information. .

According to Platkin, a lack of proper safeguards led to three separate data breaches that compromised the personal information of at least 10,926 customers and employees, including nearly 7,000 New Jersey residents.

Find out what’s happening in Morris Township-Morris Plainswith free real-time Patch updates.

According to the consent order, Weichert’s allegedly insufficient safeguards allowed multiple unauthorized accesses to the network between July 2016 and July 2018, exposing personal information such as social security numbers, credit card information, passport, financial accounts and driver’s license numbers.

“Taking appropriate steps to protect customers’ personal information isn’t just part of a good business model, it’s the law,” Platkin said. “This regulation should send a clear message to companies that skimp on data security as a cost-saving measure.”

Find out what’s happening in Morris Township-Morris Plainswith free real-time Patch updates.

Prosecutors said Weichert agreed to the settlement consisting of civil penalties of $1,074,350.00 and $125,650.00 for investigation costs and attorney fees to resolve the allegations which included:

  • Failing to develop, implement and maintain a comprehensive information security program containing appropriate administrative, technical and physical safeguards to protect customers’ personal information.
  • Failing to identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information.
  • Failing to design and implement information safeguards to control the risks identified by the risk assessment.
  • Failing to evaluate and adjust the information security program in light of the results of testing and monitoring.
  • Failing to notify customers, New Jersey State Police and consumer reporting agencies of the three data breaches without unreasonable delay.

Under the Consent Order with the Division, Weichert, among others, agreed to:

  • Maintain a comprehensive information security program that includes regular updates to keep up with changing technology and security threats.
  • Engage the services of an independent third party to assess the information security program and prepare an annual report of findings to confirm compliance with the provisions of this Consent Order
  • Maintain a qualified person appointed as Chief Information Security Officer (CISO)
  • Encrypt all sensitive customer information held or transmitted by the company
  • Implement and maintain multi-factor authentication for any individual accessing any network-connected information system
  • Maintain a risk assessment program to identify, address and, if necessary, remediate risks affecting the network.

“Companies that process sensitive consumer data must have appropriate protocols in place to prevent data breaches,” said Cari Fais, acting director of the Consumer Affairs Division. “We will continue to sue organizations that fail to take the necessary precautions to protect consumer privacy.”

Get more local news straight to your inbox. Sign up for free newsletters and patch alerts.

To request removal of your name from an arrest report, submit these required elements at [email protected]

Response rules:

  • Be respectful. It is a space for friendly local exchanges. No racist, discriminatory, vulgar or threatening language will be tolerated.
  • Be transparent. Use your real name and back up your claims.
  • Keep it local and relevant. Make sure your answers stay on topic.
  • Review the Patch Community Rules.

Comments are closed.