California Dept. of Consumer Affairs has a breach, but doesn’t notify those affected for 6 months?

Ouch. The California  Department of Consumer Affairs – Bureau of Automotive Repair  (“BAR”) learned that a service provider had a network intrusion breach  that gave someone access to bank account numbers and bank routing numbers belonging to the Smog Check stations licensed by the BAR.

The breach reportedly occurred between May 2012 and March 2013, but according to their notification to the state, they first discovered the breach on January 4, 2013. So why the six-month delay in notification?  And why did it take their service provider so long to discover the breach?

You can read their notification letter here.

About the author: Dissent