PARSIPPANY — Legislation sponsored by Assemblyman Jay Webber requiring companies to notify users of online security breaches is once again moving through the Legislature. A-3245 cleared the Assembly financial institutions committee, and a version of the measure unanimously passed the Senate and Assembly last session, but was not signed into law.
The bill expands a list of breaches requiring notification to include user names, email addresses and any identifying information that can be used with a password or security question to access an online account. Driver’s license and social security numbers, account numbers, and credit or debit card numbers are already included.
“Online customers expect their personal and financial data to be secured,” said Webber (R-Morris). “Security breaches can result in financial loss or identity theft for innocent victims, so customers should learn of a breach as soon as it is discovered to allow them to change passwords and monitor accounts for fraudulent activity.”
Data breaches are becoming more frequent and more expensive. On Friday, Marriott announced that more than a half million customer accounts have been exposed to hackers. This year alone, customer data has been compromised at Uber, Facebook, Dunkin’ Donuts, British Airwaves and T-Mobile. The largest online breach occurred in 2013-2014, when the accounts of 3 billion Yahoo users were compromised.