Home
Our Services
Free resources
- Privacy Research
  Free to use data privacy research
  Key Capabilities
  Latest privacy news tracking
  Product versions
  Latest privacy news tracking
  Track the latest news, breaches and fines
  Key features
  Tracks the latest breaches and fines
  View by industry
  View by breach method
  View by privacy topic
  Links to original articles
  Free to use
  
  Learn more »
  Latest Threat Intelligence
  Product versions
  Latest Threat Intelligence
  Track the Common Vulnerability Exposures (CVEs)
  Key features
  Tracks the latest vulnerabilities
  View by company
  View by breach method
  Links to NVD
  Free to use
  
  Learn more »
  Breach modelling and ROI calculator
  Product versions
  Breach modelling and ROI calculator
  Model what a breach would look like for you in your industry and use this to calculate your return on investment
  Key features
  Model your breach
  Assess the severity
  Compare by industry
  Breakdown costs
  Export to your business plan
  Free to use
  
  Learn more »
Privacy news
Company
- About Us
- FAQ
- Contact Us

Attorney General James Announces Settlement with Accounting Firm for Failing to Protect New Yorkers Personal Data

pNEW YORK New York Attorney General Letitia James today announced a settlement with a public accounting firm Wojeski Company Wojeski to strengthen its data security to protect consumers data Wojeski did not take proper measures to secure their clients personal information and suffered two cybersecurity incidents that exposed the private information of more than 4700 New Yorkers An investigation by the Office of the Attorney General OAG found that Wojeski took over a year to notify victims of the data breach despite being required to notify victims soon after a breach As a result of todays agreement Wojeski must pay 60000 in penalties and take steps to improve its cybersecurity measures Individuals who were affected by the data breaches were offered one year of free credit report monitoringppRansomware attacks like the ones at Wojeski put consumers at risk said Attorney General James As an accounting firm Wojeski should have taken stronger measures to protect New Yorkers personal data and prevent data breaches that could lead to identity theft and other types of fraud When New Yorkers pay for a service they should trust that the company they are paying will not expose their private information Companies must do more to protect their customers data and my office will not hesitate to hold them to accountppWojeski is a certified public accounting firm On July 28 2023 Wojeski employees realized they were experiencing a ransomware attack when they were unable to access certain files in their systems After containing the threat and launching an investigation Wojeski found that the cyberattack was likely caused by a phishing email sent to one of their employees The investigation also found that customers social security numbers were not encrypted in parts of the companys network On May 31 2024 Wojeski was notified of another data breach when an employee from a firm hired to help with the investigation improperly accessed customer data located in the files that Wojeski had sent for review The employees were also sending the information to several external email addresses without authorization ppWojeski did not notify customers of either security breach until November 2024 a year and a half after their clients personal data was first jeopardized Personal data exposed in one or both incidents included names dates of birth social security numbers drivers license numbers email addresses phone numbers financial account numbers medical benefits and entitlement information The 2023 data breach affected 5881 individuals 4726 of whom were New York residents and the 2024 breach affected a total of 351 individuals 267 of whom were New York residents Following the data breaches Wojeski offered impacted individuals free credit monitoringppAs a result of todays agreement Wojeski will pay 60000 in penalties and the company is required to adopt stricter security standards to better protect the personal information of its customers in the future includingppThis breach is a serious reminder that protecting personal information isnt optional said Albany County Executive Daniel P McCoy When businesses handle sensitive data they owe it to their clients and our community to safeguard that information I appreciate Attorney General James efforts to hold this firm accountable and I hope this serves as a reminder to every organization that data privacy must be treated with the same care as any other public trustppThe protection of every New Yorkers personal data and privacy must always be a top priority said Senator Patricia Fahy I commend Attorney General James for taking decisive action to hold this firm accountable and ensure stronger safeguards are in place moving forward Data security is a matter of public trust and this settlement highlights the importance of protecting personal and sensitive datappProtecting the personal information of those we serve must always be a top priority said Assemblymember John T McDonald III This settlement is a reminder that every organization handling personal data must take cybersecurity seriously I commend Attorney General James for her continued work to ensure New Yorkers information is protectedppProtecting the personal data of New Yorkers is a fundamental responsibility of any business entrusted with sensitive information said Assemblymember Gabriella A Romero When a firm fails to act quickly after a data breach its not just a lapse in cybersecurity its a lapse in trust I am continually proud to be represented by a strong advocate like Attorney General Letitia James who time and time again defends New Yorkers right to privacy and security Albany businesses must take this as a reminder that transparency strong data protections and swift actions are essential to maintaining public confidenceppAttorney General James has consistently held companies accountable for having poor cybersecurity In March 2025 Attorney General James sued Allstate and Root Insurance for failing to protect New Yorkers information causing more than 165000 and 45000 respectively New Yorkers information to be exposed In December 2024 Attorney General James announced a 500000 settlement with Noblr auto insurance for inadequate data security In November 2024 Attorney General James and Department of Financial Services Superintendent Adrienne Harris secured 113 million from GEICO and Travelers for having poor data security In October 2024 Attorney General James secured 225 million from a Capital Region health care provider for failing to protect the private information and medical data of New Yorkers In August 2024 Attorney General James and a multistate coalition secured 45 from a biotech company for failing to protect patient data In July 2024 Attorney General James launched two privacy guides a Business Guide to Website Privacy Controls and a Consumer Guide to Tracking on the Web to help businesses and consumers protect themselves ppThis matter was handled by Deputy Bureau Chief Clark Russell of the Bureau of Internet and Technology under the supervision of Bureau Chief Kim Berger The Bureau of Internet and Technology is a part of the Division for Economic Justice which is led by Chief Deputy Attorney General Chris DAngelo and overseen by First Deputy Attorney General Jennifer LevyppWe value your privacyWe use cookies to enhance your browsing experience improve our content delivery and analyze our traffic We do not use cookies for advertising or marketing purposes By using this website you consent to our use of cookies You can learn more about how we collect and use information by reviewing our privacy policyp

Read the original article 11 Nov 2025

Key Capabilities

Latest privacy news tracking

Latest Threat Intelligence

Breach modelling and ROI calculator

Attorney General James Announces Settlement with Accounting Firm for Failing to Protect New Yorkers Personal Data