Hefty Penalty for Smallish Breach in Vermont

Attorney General Says Cloud Services Firm Failed to Notify Customer of Breach

The online exposure of an unsecured spreadsheet containing personal data on 660 subscribers to the Affordable Care Act health insurance exchange in Vermont has led the state to impose a $264,000 penalty on an IT services firm.

Under the terms of a settlement with the state’s attorney general, Samanage USA Ltd. agreed to improve its information security and compliance program. The North Carolina-based company is a provider of cloud-based IT support service.