Ziff Davis, AGs Reach Deal in Security Gaffe
The agreement stemmed from a November incident in which the credit card information of about 50 subscribers was exposed on the Web.
Terms of the deal were available on the Office of New York State Attorney General Eliot Spitzer Web site. New York-based Ziff Davis is required to:
· Encrypt sensitive data during transmission from consumers.
· Control file access through user authentication and application controls.
· Monitor and control server activity.
· Review applications prior to implementation.
· Implement risk identification and response protocols.
· Establish management oversight and employee training programs.
· The publisher also agreed to pay $500 to each consumer directly affected by the security breach.