Massive data breach alert: AG James urges New Yorkers to secure their data

November 29, 2023 Robert Abruzzese, Courthouse Editor
Attorney General Letitia James announced the successful settlement with cryptocurrency platform KuCoin, securing more than $22 million for illegal operations in New York.
New York Attorney General Letitia James issued a warning on Tuesday to nearly four million New Yorkers in the wake of a significant data breach at Perry Johnson & Associates, a medical transcription company.

The breach, which affected approximately nine million patients nationwide, has exposed personal information, including Social Security numbers and medical details, putting those patients at risk of identity theft.

Perry Johnson & Associates, based in Nevada, became aware of the breach in May 2023. The data compromise has affected major health institutions like Northwell Health and Crouse Health, predominantly in New York City and Syracuse.

This incident is not isolated but part of a disturbing trend in which private information is repeatedly leaked, often by companies with which individuals have had no prior interaction. The digital era has brought about a surge in data breaches, leaving personal information vulnerable and raising questions about the security measures employed by companies that handle sensitive data.

In response to this breach, Attorney General James has urged New Yorkers to take immediate and robust measures to protect their personal information.

“I urge all New Yorkers affected by this data breach to stay alert and take these important steps to protect themselves,” said Attorney General James. “Bad actors can use the stolen information to impersonate individuals or cause financial harm. Identity theft is a serious issue, and my office will continue to take action to keep New Yorkers safe.”

James encouraged people to protect themselves by enrolling in credit monitoring services that can help individuals stay informed of any unusual activities or changes in their credit reports. Additionally, she encouraged people to place a credit freeze with major credit bureaus such as Equifax, Experian and TransUnion. This measure effectively prevents identity thieves from opening new accounts in someone’s name.

Setting up a fraud alert with these bureaus is advised to ensure additional verification steps are taken before extending credit. Individuals are also encouraged to obtain and review their medical records from health care providers to spot any discrepancies or unrecognized activities. Vigilantly reviewing and contesting unrecognized medical bills is crucial to prevent fraudulent claims. 

Finally, she said, those affected should notify their insurance providers about the breach and any suspected fraud and inquire about the provider’s specific protocols for such incidents. 

While the New York Attorney General’s Office is limited in its capacity to enact new legislation, states across the country are beginning to address online privacy concerns more aggressively. According to a report by Politico from February, several states, including Virginia and Utah, have recently passed online privacy laws. 

However, there has been criticism that these laws do not go far enough in protecting consumers. This evolving legal landscape reflects a growing acknowledgment of the need for stronger protections for personal data in the digital realm.

As the federal government remains divided on privacy issues, states are increasingly becoming the battleground for establishing stronger online privacy protections. 

The American Data and Privacy Protection Act (ADPPA), a broad bipartisan federal privacy bill that died last year, is now serving as a template for state-level privacy legislation. According to Politico, lawmakers in states like Massachusetts and Illinois are proposing measures modeled on the ADPPA, and Indiana Democrats are drawing inspiration from it to strengthen their own proposed legislation.

This state-level push is not aimed at sweeping across all 50 states but rather at tightening regulations in enough places to compel the industry to adopt a de facto national standard. Privacy advocates are striving to enact state-level proposals that align closely with the ADPPA, including limitations on data collection and sharing, establishing a data broker registry, and creating new rights for Americans to delete their data.

However, this approach faces challenges from an industry-led campaign that has successfully enacted weaker laws in states like Virginia and Utah. The Electronic Privacy Information Center, a D.C.-based nonprofit, is spearheading the multi-statehouse push among privacy advocates, targeting states like Maryland and Michigan to introduce state versions of the ADPPA.

Tech companies, represented by groups like TechNet, argue that a series of individual state privacy laws would create confusion and advocate for a single federal privacy law. These companies prefer not to establish multiple compliance systems to satisfy different states’ regulations and are more likely to set up their systems to accommodate the toughest standard.

In Indiana, data privacy legislation mirroring Virginia’s law was introduced, raising concerns that it requires people to opt out of data collection rather than proactively protecting their privacy. Indiana State Sen. Shelli Yoder is looking at the state version of the ADPPA, focusing on its data minimization requirements and private right of action.

In Massachusetts, the Massachusetts Data Privacy Protection Act, advised by the ACLU of Massachusetts, includes modifications like workplace surveillance protections.

 

