I’ve gotten used to seeing occasional reports from Experian that a client’s login was stolen or acquired by someone who used it to access credit reports on individuals, but an April 7 notification to the New Hampshire Attorney General’s Office is the first time I can recall seeing that type of report from Merlin Information Services.
As someone who routinely gets snarky over disclosure notices, Merlin’s notification to the New Hampshire Attorney General’s Office and affected consumers actually impressed me with the simplicity and clarity of the description of the breach and what consumers should do to protect themselves. Added to the fact that they detected the suspicious conduct in less than 24 hours and notified affected individuals by regular mail in less than three weeks, I’d say they did a pretty good job. Read the notice and see what you think of how they reported this.