From the I-have-questions department:
Nevada Restaurant Services reported that they experienced a breach in January of this year and that the threat actor was able to copy some of their files.
The type of data varied by person but the notification stated that the
scope of information potentially involved includes individuals’ name, date of birth, Social Security number, driver’s license number or state ID number, passport number, financial account and/or routing number, health insurance information, treatment information, biometric data, medical record, taxpayer identification number, and credit card number and/or expiration date.
My first question is: why did they need all that information? Is this all for employees?
Second: with all that potential data theft, what help did they offer those affected? Their notification does not include any offer of free credit monitoring or identity theft restoration services. None.
I thought such offers were actually required by statute in certain states, but they don’t seem to make any mention of such services for residents of those states (e.g., Massachusetts).
The disclosure does not indicate how many people, total, have been affected.
Has any data shown up on the dark web or a leak site? If so, I haven’t seen it, but will be looking for it going forward.