So for a law firm, I would think this would be a really bad breach to have to disclose.
Mason Law Office in Sacramento sent a copy of their notification to the California Attorney General’s Office. Their notification reads, in part:
What happened?
On or about May 5, 2018, we discovered evidence of unauthorized access to mycase.com by an unknown individual or group of individuals. It is unclear how this access was made since we have implemented all security measures offered by mycase.com. Client data was potentially accessed, client case information was deleted, and other administrative changes were made to the system. The extent of the information accessed will be thoroughly investigated by Mason Law Office, P.C. and mycase.com. You will be contacted if we discover any information specific to your case.
What Information Was Involved?
Generally, any information uploaded to mycase.com was potentially accessed, and information has been deleted. Information potentially accessed includes client names, social security numbers, driver’s license numbers, phone numbers, email addresses, as well as legally privileged/protected information, including legal documents, case notes, disclosures, financial statements, evidence, photos, invoices, transcripts, trust balances, and attorney-client communications. Please note, our standard procedure is to remove identifiable account information from financial statements, tax returns, and disclosure documents prior to uploading them into mycase.com. We also do not store payment information, such as credit card information used for payments into your trust account. No payment information given to us was ever put into mycase.com whatsoever. We use bank approved software for all payment transactions, which is highly regulated and secure.