Connecticut Obtains Settlement Over Data Breach Affecting Webster Bank Customers

Connecticut Attorney General William Tong announced a settlement with Guardian Analytics, Inc. and its successor Actimize, Inc., resolving an investigation into a data breach affecting Webster Bank customers’ data.

Under the settlement, Guardian and Actimize have agreed to pay $500,000 and strengthen their data security practices.

The data breach lasted from November 2022 through January 2023 and impacted the personal information of 157,629 Connecticut customers of Webster Bank. Actimize acquired Guardian in 2020.

Guardian uses behavioral analytics and machine learning to help prevent banking fraud for its client institutions. In order to utilize Guardian’s services, financial institutions, like Webster Bank, need to provide customer information such as names; account numbers; and transaction information, which can include Social Security numbers. This type of data was exposed during the breach.

The settlement resolves allegations that Guardian violated Connecticut’s privacy and consumer protection laws by failing to implement reasonable data security across its systems and by Actimize for failing to properly inventory and integrate Guardian’s systems after purchase. These failures allowed two unauthorized actors to gain access to personal information of Connecticut residents.

As a result of this settlement, Guardian and Actimize have agreed to adopt a series of measures aimed at strengthening its cybersecurity practices going forward, including encrypting all personal information, whether stored or transmitted; conducting annual risk assessments; implementing multi-factor authentication for all individual user accounts and for remote access; and maintaining an incident response plan to prepare for and respond to security incidents.

Topics Cyber Connecticut