Office of Consumer Protection

The Cyber Fraud Unit advances the Division's consumer protection mandate by safeguarding New Jersey consumers' constitutional right to privacy in the digital age. Data security and data privacy are among the fastest-growing economic and personal concerns facing New Jersey consumers. Today, consumers provide sensitive personal information to merchants daily and with the expectation that the merchant will safeguard this information. While the vast majority of merchants operate lawfully, oftentimes there are those that seek to profit by misusing, unlawfully acquiring or unlawfully selling consumers' personal information.

As part of the Division's enforcement arm, the Unit enforces the New Jersey Consumer Fraud Act, which prohibits the use of unconscionable commercial practices and deception, including tracking consumers' online behavior and/or downloading malware onto consumers' computers without providing adequate notice to, and obtaining meaningful consent from, consumers. In some cases, the Unit enforces the New Jersey Computer Related Offenses Act (CROA), which prohibits, among other things, the purposeful or knowing and unauthorized access of New Jersey consumers' data, database, computer program, computer software or computer equipment; the federal Children's Online Privacy Protection Act of 1998 and regulations (COPPA) ; the New Jersey Identity Theft Protection Act; the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Health Insurance Portability and Accountability Act of 1996 (HIPPA). In addition, the Unit's investigators take an active role in educating consumers concerning how they can protect their personal information when using Internet-based technologies.

Consumer Alerts

• The Equifax Data Breach:  What to Do
• Beware of the Rising Threat of Computer "Ransomware"​  that Holds Your Data Hostage
• Anthem Data Breach
• Vtech D​​ata Breach

Enforcement

• August 3, 2018
  Operator of Teen Social Website Breached by Hacker Agrees to Close Site and Reform Practices to Settle Allegations it Violated Children’s Online Privacy Protection Act  Read More

• June 6, 2018
  Third-Party Energy Supplier IDT Energy, Inc. Enters into $1.36 Million Settlement with the State to Resolve Allegations It Preyed on Consumers During the Harsh Winter of 2014​  Read More

• May 8, 2018
  NJ Division of Consumer Affairs Announces $100,000 Settlement with App Developer Resolving Investigation Into Alleged Violations of Children’s Online Privacy Law  Read More

• April 4, 2018
  Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients  Read More

• November 17, 2017
  N.J. Residents Deceived into Paying Scammers via Western Union Can Apply for Compensation from Settlement Fund  Read More

• Octob​er 30, 2017
  NJ Releases Annual Statistics on Cyber Breaches for the First Time  Read More

• September 15, 2017
  New Jersey Joins Multi-State Call for Equifax to Disable Fee-Based Monitoring Services, Reimburse Fees for Security Freezes  Read More

• February 17, 2017
  Horizon Blue Cross/Blue Shield of New Jersey Agrees to Pay $1.1 Million, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Personal Information of Policyholders  Read More

• February 6, 2017
  New Jersey Division of Consumer Affairs, Federal Trade Commission Reach $2.5 Million Settlement with Smart TV Manufacturer to Settle Allegations of Invasive Data Collection  Read More

• September 9, 2015
  New Jersey Division of Consumer Affairs Obtains Settlement with Mobile App Developer That Allegedly Collected Consumer Information without Notice and Consent in Violation of State Law  Read More

• June 29, 2015
  New Jersey Division of Consumer Affairs, Federal Trade Commission, Reach Settlement with Developer of Mobile App that Allegedly Hacked New Jersey Smartphones with Harmful Malware  Read More

• May 26, 2015
  New Jersey Division of Consumer Affairs Obtains Settlement with Developer of Bitcoin-Mining Software Found to Have Accessed New Jersey Computers Without Users' Knowledge or Consent  Read More

• November 23, 2013
  Acting Attorney General Announces Settlement Resolving Allegations That Maker of "Dokobots" App Violated Children's Online Privacy Rules  Read More

• November 21, 2013
  Acting Attorney General Announces Settlement Resolving Allegations Data Company Engaged in Online "History Sniffing"  Read More

• November 19, 2013
  Acting Attorney General Announces $1 Million Settlement Resolving Consumer Fraud, Unlawful Access Claims Against Online Gaming Company  Read More

• November 18, 2013
  New Jersey Joins Multi-State Settlement that Resolves Allegations Google Breached Privacy Settings on Safari Browsers  Read More

• July 25, 2013
  New Jersey Division of Consumer Affairs Obtains Million-Dollar Settlement with Online Advertising Company Accused of Overriding Consumers' Privacy Settings Without Consent  Read More

Consumer Briefs

• Playing It Safe on the Internet
• Identity Theft & Phishing
• Identity Theft Prevention Act - A Guide for Businesses
• Credit Card Skimming
• SMiShing: Personal Information Theft Using Text Messaging
• How to Place a Security Freeze on Your Credit Report
• What You Should Know About Privacy Notices
• Online Glossary of Common Web Terms, (A-K)
• Online Glossary of Common Web Terms, (L-Z)
• Elder Fraud
• Beware of Government Impostor Scams
• Beware of the Grandparent Scam
• Playing it Safe on the Internet

Useful Links

• Cyber Security Handbook and Other Useful Information (New Jersey Division of Consumer Affairs)
• Identity Theft-Information & Assistance (Division of Criminal Justice)
• Identity Theft Victim's Reference Guide (New Jersey State Police)
• New Jersey Cybersecurity and Communications Integration Cell (NJCCIC)
• Consumer Information (Federal Trade Commission)
• Internet Crime Complaint Center (IC3)  (Federal Bureau of Investigation)