For New York Gardyn Customers
Specific consumer-protection options for residents of New York affected by CISA advisory ICSA-26-055-03.
This page summarizes general legal context for New York residents. It is not legal advice. Consult an attorney licensed in New York for advice specific to your situation.
What was exposed
Per CISA advisory ICSA-26-055-03 Update A, an unauthenticated cloud API endpoint (CVE-2026-28766) exposed records for approximately 134,215 customers, including names, email addresses, phone numbers, physical addresses, and the last_four partial credit-card field.
New York SHIELD Act and consumer protection
The New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act expands data breach notification obligations and imposes reasonable security requirements for businesses holding the private information of New York residents.
If you are a New York resident potentially affected, you may:
- File a complaint with the New York Attorney General’s Bureau of Internet and Technology at ag.ny.gov/internet/complaint.
- File a consumer complaint at ag.ny.gov/consumer-frauds/filing-consumer-complaint.
- Consider class-action representation. New York General Business Law § 349 prohibits deceptive acts and practices and provides for actual damages plus attorney’s fees in successful actions.
Consult a New York consumer-protection or class-action attorney.
Federal options (any state)
- Federal Trade Commission consumer complaint at reportfraud.ftc.gov.
- Identity theft reporting at identitytheft.gov.
- Free fraud alert or credit freeze with the three U.S. credit bureaus (Equifax, Experian, TransUnion).