A Rhode Island-based staffing firm will pay $230,000 in penalties following a data breach in 2020, the Massachusetts Attorney General’s Office announced today. The breach impacted more than 3,000 Massachusetts residents.

Industrial staffing firm TradeSource was hacked in December 2020 after an employee fell victim to a phishing email, according to the Attorney General’s office. Hackers were able to steal personal data of users, including names and Social Security numbers, according to the office. TradeSource provided two years of free credit monitoring and identity theft protection to affected people.

However, the Attorney General’s office alleged TradeSource violated Massachusetts data privacy laws by failing to have a written information security program in place during or prior to the data breach.

In addition to paying $230,000 in penalties, TradeSoruce must also be compliant with state law and continue training employees on personal information security.