TradeSource Inc., a Rhode Island construction staffing firm with a branch in Natick has agreed to pay $230,000 in penalties resulting from a 2020 data breach impacting more than 3,000 Massachusetts residents, according to Massachusetts’ Office of the Attorney General.
The incident began when a TradeSource employee fell victim to a phishing scam, and hackers were then able to steal personal data, including names and social security numbers of users, according to a Thursday press release from the office of the attorney general.
The penalties stem from the company allegedly violating state law by not having a written information security program, or WISP, in place. A WISP documents an organization’s protocols or guidelines to protect the security and confidentiality of personal information. Under Massachusetts laws, companies must maintain a WISP in order to protect such data according to the AG’s office.
“Companies need to have the proper security measures and systems in place to keep the sensitive information of individuals safe from hackers,” said Attorney General Maura Healey in the press release. “My office is pleased to have secured this settlement and will continue to ensure companies are abiding by our data security laws and protecting the personal information of Massachusetts residents.”
