Pennsylvania’s attorney general has set up an online portal where companies in Pennsylvania will be required to report data breaches under amendments enacted this year to the state’s breach notification laws.
Signed into law in June, the amendments require companies to report breaches that affect at least 500 Pennsylvanians starting Sept. 26.
In preparation for the deadline, Attorney General Michelle Henry unveiled the online reporting portal yesterday.
“We have launched this portal to make the process easier and more efficient for businesses who are required to make these notifications,” Henry said in a statement.
Under the amendments, breached companies also must provide 12 months of free credit monitoring and access to a credit report to affected customers, if the breach involves a person’s name and Social Security number, bank account number, or driver’s license or state ID number.
The AG will not publicly report data-breach information, according to a spokesperson for the office.
At least one state, Maine, publishes a rolling list of data breaches.
The background: Data breaches have become increasingly common, and several Central Pennsylvania companies have fallen victim over the last several years.
The average data breach in the U.S. costs $9.36 million this year for things like operational downtime and post-breach cleanup, down slightly from $9.36 million in 2023, according to a report by IBM.
