The first settlement under New York's Information Security Breach and Notification Law has been handed down in that state. In the lawsuit, it was alleged that CS STARS, a claims management company based in Illinois, failed to timely notify the "owner" of underlying computerized data that a computer containing personal information had been lost or stolen. As a result, nearly 540,000 New Yorkers' personal information was exposed to risk over a seven-week period.
According to the Attorney General Andrew Cuomo, an employee at STARS noticed that a computer containing personal data was missing. Yet it took nearly two months for STARS to notify Special Funds (and the FBI) of the security breach. Under New York's Notification Law, a business that maintains personal data for the data owner must notify the owner (e.g., Special Funds) of a breach "immediately following discovery." The owner of the data must then disclose the breach to affected parties "in the most expedient time possible and without unreasonable delay."

The computer had been stolen by a cleaning contractor.

STARS cooperated fully with the investigation, while not admitting to any violation of law.