HARRISBURG – PA Attorney General Michelle Henry announced a settlement with York-based convenience store chain, Rutter’s, regarding cyber security attacks that exposed information from over a million customer payment cards. The attacks happened over a nine-month span in 2018 and 2019, involving 79 store locations, and more than 1.3 million payment cards. The payment card information was accessed electronically, not at any physical store locations. The investigation determined Rutter’s failed to properly employ reasonable data security measures in protecting consumers’ sensitive personal information in violation of PA’s Unfair Trade Practices and Consumer Protection Law. As part of the settlement, Rutter’s agreed to pay $1 million and improve security measures via an independent assessment.
