April 12 – After discovering that over 623,000 people’s personal information had been exposed by a ransomware attack, CommonSpirit Health, on April 6, 2023, notified the Montana Attorney General of the breach. According to the formal report filed by the business, the event led to the exposure of consumers’ personal information, including names, birth dates, addresses, email addresses, telephone numbers, Social Security numbers, and protected health

April 8 – Prescott College discovered that an unauthorized third party had accessed and deleted some files stored on its computer system, prompting the college to submit a data breach report to the Maine Attorney General on April 5, 2023. According to the company’s filing, the data includes personal information that could compromise the safety of some students and staff at Prescott College. Once it was determined

April 8, 2023 – Following a cyberattack in February 2023, the University of Hawaii Maui College (“UH Hawaii College”) announced the breach on their website on April 6, 2023. However, the specifics of the data breach at UH Maui College remain unknown at this time. UH Maui College has begun mailing data breach notification letters to all persons who were affected by the recent data security issue

April 7, 2023 – After discovering that sensitive student data had been accessed and removed from the university’s computer system by an unauthorized third party, Our Lady of the Lake University (“OLLU”) issued a data breach alert on its website on March 31, 2023. According to the company’s announcement, the incident led to the exposure of customers’ names, birth dates, driver’s license numbers, Social Security numbers,

April 6, 2023 – After discovering a network security incident that allowed unauthorized actors to access confidential consumer data provided to Cornerstone, Cornerstone Home Lending (Cornerstone), which is a division of Cornerstone Capital Bank, filed a notice of data breach with the Attorney General of Montana’s Office on April 3, 2023. According to the company’s report, the breach exposed customers’ names, bank account information, addresses, and loan

April 6, 2023 – After discovering an IT security problem that exposed patient data, Tallahassee Memorial HealthCare (TMH) announced a data breach on its website on March 31, 2023. According to TMH’s official filing, the breach exposed the names, Social Security numbers, health insurance information, addresses, medical record numbers, dates of birth, treatment information, and patient account numbers of TMH patients. TMH began distributing data breach

April 6, 2023 – Western Digital Corporation announced through a press release on April 3, 2023 that it had suffered from a data security issue. The likelihood that the hack resulted in the disclosure of customer information exists; however, the corporation has not yet made a definitive statement to that effect. Western Digital is still looking into the situation, but if it turns out that customer information

April 5, 2023 – After what appears to have been a ransomware attack, Lewis & Clark College (“Lewis & Clark”) posted a notice on its website on March 31, 2023 announcing it. Later, information about Lewis and Clark College students was leaked online by the notorious ransomware gang known as Vice Society. While Lewis & Clark has not yet provided an update in light of this discovery,

April 4, 2023 – Data may have been compromised at Montgomery General Hospital (referred to as “Montgomery” or “MGH”), according to a reputable cybersecurity website on April 2, 2023. According to the report, the breach led to the disclosure of sensitive patient and employee data to an unknown third party. Montgomery General Hospital will have to send out data breach notifications to all affected patients and workers

April 4, 2023 – After discovering on March 31, 2023, that an unauthorized entity had gained access to sensitive patient information contained in its computer system, Southwest Healthcare Services (“Southwest”) notified the Attorney General of Montana of the data breach. According to the official filing by the company, the event led to the exposure of customers’ personal information, including names, addresses, dates of birth, driver’s license numbers,

April 2, 2023 – Health Plan of San Mateo (HPSM) discovered that a third party had gained access to an employee’s email account with the private information of members, and as a result, HPSM filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights on March 17, 2023. The issue led to illegal access to consumers’ names, dates

April 1, 2023 – Bright Horizons Family Solutions, Inc. discovered that an unauthorized user had accessed the company’s corporate system and taken files, including private employee information, and on March 27, 2023, the company filed a report of a data breach with the Massachusetts Attorney General. According to the company’s report, the event led to illegal access to the names, Social Security numbers, and addresses of

April 1, 2023 – Majestic Care discovered that hackers had successfully launched a cyberattack, giving them access to private information belonging to present and former residents and staff members, and on March 28, 2023, the company filed a notice of data breach with the Montana Attorney General. According to the report, unauthorized parties gained illegal access to consumers’ full names, dates of birth, addresses, driver’s license numbers,

April 1, 2023 – After learning from Solv Health that the company had used specific tracking technologies without the university’s consent, the University of California San Diego Health (also known as “UC San Diego Health” or “UCSD Health”) filed a data breach notice with the US Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) on March 16, 2023. The issue led to unauthorized access

March 31, 2023 – US Wellness discovered that certain customers’ protected health information had been compromised because of a data security incident at one of the company’s vendors on March 22, 2023, and as a result, filed a data breach notice with the U.S. Department of Health and Human Services Office for Civil Rights. An unauthorized individual managed to access customer names, dates of birth, addresses, protected