A data breach involving Westlaw’s public records database took place about one month ago (October 14th) and was recently reported to the New Hampshire Attorney General’s Office.
The filing is accessible here and includes a copy of a notification letter sent to those effected.
New Hampshire law requires that data breaches are reported to state authorities. See 359:C20(I)(B)
We learned of this data breach via the Office of Inadequate Security (blog) that does a nice job summarizing the West filing.
Investigation revealed that some subscribers’ passwords had been compromised and used to access the database. The types of information involved included addresses, date of birth, and in some cases, driver’s license numbers and Social Security numbers. No bank account or credit card information was involved.
We also learn that:
- West contacted federal authorities
- A forced reset of passwords took place
- A letter was sent to those affected
- Free credit monitoring was offered
Direct to Blog Post