The company will have to pay New York, California and Vermont a total of $100,000 to cover the investigation costs. In addition, it will pay $500 to each of the approximately 50 US consumers whose credit card details were exposed on-line. This totals about $25,000.
The agreement also requires Ziff Davis to use encryption and user authentication when consumer data are being transmitted to its web site and held on its servers.
The investigation followed a magazine promotion on the company’s Electronic Gaming Monthly web site. A coding error allowed every internet user to access about 12,000 subscription orders for the magazine, 50 of which contained consumers’ credit card details.
Ziff Davis said that it acted promptly to fix the security flaw and that it cooperated with the investigation.