By Stephanie Choate
September 19th, 2013
Natural Provisions has reached a settlement with the state after accusations that it failed to follow state guidelines after credit card security breaches in 2012.
Attorney General William Sorrell said Natural Provisions agreed to spend $15,000 to upgrade its computer security systems, as well as pay $15,000 to the state.
“The settlement resolves allegations that Natural Provisions failed to promptly notify its customers of a substantial data security breach and failed to expeditiously correct vulnerabilities in its system to fix its security,” according to the press release.
Under Vermont law, a company must notify the attorney general within 14 days of the discovery of a breach, notify its customers within 45 days and quickly take steps to remedy the breach.
Natural Provisions Co-Owner Terry Powers said he “strongly disagrees” with some of the facts in the case, but that Natural Provisions could not afford to take the matter to trial.
“We’re just a small Vermont family business,” he said. “The cost to defend it in court was just next to impossible, so we negotiated and settled.”
Powers said as soon as Natural Provisions was told it had a virus that resulted in a breach of credit card security, it scanned its computers and found and removed a virus. It then replaced its computer hard drives, installed a new firewall and changed credit card processing equipment.
Powers said Natural Provisions staff did not know they had to notify the attorney general’s office within 14 days and agreed that the store failed to meet that guideline, but he said the store acted immediately to protect its customers.
“We certainly did everything we could do to protect the customers,” he said. “It makes no sense that a small business like ours would knowingly let credit cards be compromised.”
Powers added that there has not been a single breach since July 2012.