PRINT

Massive data breach that includes Social Security numbers may be even worse than suspected

August 16, 2024Media Mention
Los Angeles Times

Cybersecurity & Privacy Partner Tim Toohey shared his insights with Los Angeles Times regarding the National Public Data data breach.

Excerpts:

Laws in California and essentially every other state require companies to notify any individual whose sensitive personal information has been taken in a breach, said Timothy Toohey, head of the privacy and data security practice at law firm Greenberg Glusker in Los Angeles.

There’s no specific deadline for the notification, Toohey said, just an expectation that it be done expeditiously. But the scope of this case poses a challenge for National Public Data, he said, because it will have to figure out which of the affected individuals are still alive and where they currently live, then comply with the specific requirements in that state.

“Logistically, this is kind of mind-boggling,” Toohey said.

That sort of notice would not satisfy the requirements of California law, which also requires the state attorney general’s office to be informed of any breach that affects more than 500 state residents, Toohey said.

So far, the company hasn’t offered free credit monitoring services for people whose information was stolen, unlike other companies that have suffered massive data breaches. “Normally, with a data breach notification, you offer something because you want to appear to be proactive and to be helping people,” Toohey said.

Resources