Press Releases

Attorney General William Tong

10/21/2024

Attorney General Tong Announces $500,000 Settlement with Guardian Analytics Following Data Breach

(Hartford, CT) – Attorney General William Tong today announced a settlement with Guardian Analytics, Inc. (“Guardian”) and its successor Actimize, Inc. (“Actimize”), resolving an investigation into a data breach that impacted the personal information of 157,629 Connecticut residents who were customers of Webster Bank, N.A. Under the settlement, Guardian and Actimize, as its successor, have agreed to strengthen their data security practices and pay $500,000.

“Companies like Guardian Analytics that collect and maintain our sensitive personal information have an obligation to take reasonable measures to keep that data secure. That did not happen here, compromising personal information for thousands of customers of Webster Bank, one of Guardian’s clients. As a result of today’s settlement, Guardian must pay the state $500,000 and commit to strong cybersecurity practices going forward,” said Attorney General Tong.

Guardian uses behavioral analytics and machine learning to help prevent banking fraud for its client institutions. In order to utilize Guardian’s services, financial institutions, like Webster Bank, need to provide customer information such as names; account numbers; and transaction information, which can include Social Security numbers. This type of data was exposed during the breach, which lasted from November 2022 through January 2023.

Today’s settlement resolves allegations by the Attorney General that Guardian violated Connecticut’s privacy and consumer protection laws by failing to implement reasonable data security across its systems and by Actimize for failing to properly inventory and integrate Guardian’s systems after purchase. These failures allowed two unauthorized actors to gain access to personal information of Connecticut residents.

As a result of this settlement, Guardian and Actimize, as its successor, have agreed to adopt a series of measures aimed at strengthening its cybersecurity practices going forward, including:

Maintaining a comprehensive information security program designed to protect the security, confidentiality, and integrity of personal information;
Implementing and maintaining strong integration practices that require onsite inspections of acquired entities;
Encrypting all personal information, whether stored or transmitted;
Conducting and documenting annual risk assessments;
Implementing and maintaining multi-factor authentication for all individual user accounts and for remote access;
Implementing and maintaining an incident response plan to prepare for and respond to security incidents; and
Obtaining an information security assessment to be conducted by a qualified third-party professional.

Assistant Attorneys General Kileigh Nassau and John Neumon, as well as Deputy Associate Attorney General and Privacy Section Chief Michele Lucan, assisted the Attorney General in this matter.


Twitter: @AGWilliamTong
Facebook: CT Attorney General
Media Contact:

Elizabeth Benton
elizabeth.benton@ct.gov

Consumer Inquiries:

860-808-5318
attorney.general@ct.gov