Victoria’s Secret Direct reached an agreement this week with the New York Attorney General over a breach of customer privacy.
The apparel retailer will compensate New York residents whose personal information was accessible via Victoria Secret’s Web site. An investigation conducted under AG Eliot Spitzer found that some shoppers’ personal information—including name, billing address, and items ordered—was accessible on the site from August to late November 2002, the AG’s office said.
“A business that obtains consumers’ personal information has a legal duty to ensure that the use and handling of that data complies in all respects with representations made about the company’s information security and privacy practices,” Spitzer said.
Columbus, OH-based Victoria’s Secret pays an additional $50,000 to the state and agrees to establish an information security program, management oversight and employee training; hire an external auditor for annual monitoring; and give New York customers a refund or credit.