New York Attorney General Letitia James today announced a settlement with a public accounting firm, Wojeski & Company (Wojeski), to strengthen its data security to protect consumers’ data. Wojeski did not take proper measures to secure their clients’ personal information and suffered two cybersecurity incidents that exposed the private information of more than 4,700 New Yorkers. An investigation by the Office of the Attorney General (OAG) found that Wojeski took over a year to notify victims of the data breach, despite being required to notify victims soon after a breach. As a result of today’s agreement, Wojeski must pay $60,000 in penalties and take steps to improve its cybersecurity measures. Individuals who were affected by the data breaches were offered one year of free credit report monitoring.

“Ransomware attacks like the ones at Wojeski put consumers at risk,” said Attorney General James. “As an accounting firm, Wojeski should have taken stronger measures to protect New Yorkers’ personal data and prevent data breaches that could lead to identity theft and other types of fraud. When New Yorkers pay for a service, they should trust that the company they are paying will not expose their private information. Companies must do more to protect their customers’ data and my office will not hesitate to hold them to account.”