State Attorneys General Look Into Recent Data Breach Incident

more+
less-

On May 1, the Connecticut Attorney General, George Jepsen, and the Maryland Attorney General and NAAG President, Douglas Gansler, sent a letter to representatives of a “daily deals” website that recently disclosed a data security incident, seeking additional information about the event. The company publicly reported the incident and stated that no financial information was obtained by the hackers. Nevertheless, the AGs presented numerous information requests, including requests for (i) a detailed timeline of the incident, (ii) the number of individuals affected in each state, (iii) the categories and types of compromised information, (iv) a description of how the company determined that no financial information was compromised, and (v) information about how the company stores, connects, protects, and monitors the various customer data in its possession.  Although those experiencing a security breach are often required under state laws to provide this type of information to a state AG, the public release of an AG information request and the joint issuance of a request by multiple state AGs has been less common.