Ziff Davis, a US-based publishing company, has agreed to pay a
total of $125,000 to end a multi-state privacy investigation into a
security breach that exposed on-line the personal information of
approximately 12,000 magazine subscribers last year.
The company will have to pay New York, California and Vermont a
total of $100,000 to cover the investigation costs. In addition, it
will pay $500 to each of the approximately 50 US consumers whose
credit card details were exposed on-line. This totals about
$25,000.
The agreement also requires Ziff Davis to use encryption and
user authentication when consumer data are being transmitted to its
web site and held on its servers.
The investigation followed a magazine promotion on the company’s
Electronic Gaming Monthly web site. A coding error allowed every
internet user to access about 12,000 subscription orders for the
magazine, 50 of which contained consumers’ credit card details.
Ziff Davis said that it acted promptly to fix the security flaw
and that it cooperated with the investigation.
