DataBreaches.Net


Hacked in 2022, Dell & Dean law firm first notifying affected clients now

Posted on July 21, 2024 by Dissent

From DataBreaches’ “Now what does THIS mean?” file, a notification letter from Dell & Dean PLLC, a law firm in New York.

On July 17, Dell & Dean’s external counsel notified the Maine Attorney General’s Office about a breach in September 2022 that affected 6,803 people. A copy of the firm’s notification letter was appended to the submission, and DataBreaches looked for an explanation of why it took from September 2022 until July 2024 to notify those affected. The following is from their notification letter:

What Happened? On September 29, 2022, Dell & Dean became aware of a data security incident that impacted its server infrastructure and took its systems offline. We immediately undertook efforts to restore our servers and undertook additional affirmative steps to safeguard the security of data maintained on it systems. We also simultaneously retained a forensic investigation firm to determine the nature of the security compromise and identify any individuals whose information may have been compromised.

What Information Was Involved? The forensic investigation determined that access to Dell & Dean’s systems occurred on approximately September 28, 2022 through September 29, 2022. The investigation also identified certain files that may have been accessed or acquired in connection with the incident. In continuing its thorough investigation, we undertook a comprehensive manual review process to review these files and identify the specific individuals with personal information contained therein. This comprehensive manual review process concluded on or about May 30, 2024.

This was not a breach affecting millions of people. So why did it take so long for breach review? Were there many scanned files that could not be machine-processed or was there some other explanation for the delay in completing the process? They do not explain. And did the firm post any substitute notice in the interim to alert clients that their information may have been compromised?

Their letter continued (emphasis added by DataBreaches):

In an abundance of caution, Dell & Dean is providing this notification to you as your personal information may have been accessed and/or acquired in connection with the incident, including <><><><>. We have obtained confirmation to the best of our ability that the information is no longer in possession of the third party(ies) associated with this incident, and it is entirely possible that your specific personal information was not compromised as a result of the incident.

Well, there’s that “abundance of caution” claim again that we’ve grown to hate, especially when notification is not optional and was actually required by law. But it was the confirmation statement that really raised questions.

What confirmation did they obtain that the information was no longer in the hands of the third parties and how did they obtain it? Did they pay a ransom demand to have it allegedly deleted? Did law enforcement seize the servers on which their data resided? What is the basis for a statement that may reassure people that they may not be at risk when they really might be at risk?

Dell & Dean did not respond to an inquiry from DataBreaches asking them the basis for that statement, nor did they respond to a question asking them if any protected health information was accessed or acquired during the breach.

The firm offers those affected 12 months of complimentary mitigation services with Equifax, and encourages people to enroll in the service, but will the statements earlier in the letter lead people to think they can just skip the advice?

 

Category: Business Sector, Commentaries and Analyses, Hack, U.S.
