Search the Office of the Attorney General
Search Attorneygeneral.gov
SUBMIT A COMPLAINT
Report a Data Breach
Search the Office of the Attorney General
Search Attorneygeneral.gov
Menu
The Office
News & Media
Get Help
Family Matters
Kids
Seniors
Military & Veterans Affairs
Natural Gas Royalty Lawsuit
General Protection
Bureau of Consumer Protection
Civil Rights
Consumer Advisories
Home Improvement
Charitable Giving
Identity Theft
Insurance Fraud
Puppy Lemon Law
Health Care Related
Opioid Battle
Healthcare Matters
Medicaid Fraud
Vector Smart Object
Do Not Call List
Do you receive unwanted calls? Check or add your phone numbers to the Pennsylvania Do Not Call Registry.
Resources
OAG Information
Official AG Opinions
Commonly Asked Questions
Law Enforcement Treatment Initiative
Send Drug and Child Predator Anonymous Tips
General Resources
Brochures & Publications
Community Drug Abuse Prevention Grant Program
ACRE – Agriculture, Communities and Rural Environment
Pennsylvania State Coroners’ Education Board
Tobacco Enforcement
Concealed Carry Agreements
Voting and Election Information in Pennsylvania
Conviction Integrity Section
Pennsylvania Reentry Program
Registrations
Home Improvement Contractor Registration
Health Club Registration
Telemarketing in PA
Fireworks Display Registration
Uniform Planned Community Act
Home Improvement Contractor Registration
Home Improvement Contractor Registration
Contact
Search the Office of the Attorney General
Search Attorneygeneral.gov
Uh oh. You have activescript or javascript disabled. Both of these are required in order to submit forms as well as use other areas of the site. Please review our
Accessibility Policy
.
Home
>
Report a Data Breach
Report a Data Breach
1
Before You File
2
Your Information
3
Entity That Experienced the Breach
4
Breach Details
5
Date Details
6
Upload Documents
7
Confirmation
8
Review
Please select one of the following to proceed
(Required)
You are a business reporting a data breach pursuant to 73 P.S. § 2303(c.1).
You are a Pennsylvania government agency or entity reporting a data breach pursuant to 73 P.S. § 2303(a.1).
You are a person that is a victim of a data breach.
Please continue on our
Identity Theft
page.
Name
(Required)
First
Last
Title
Your Firm/Organization Name
(Required)
Address
(Required)
Street Address
Address Line 2
City
State / Province / Region
ZIP / Postal Code
Afghanistan
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius and Saba
Bosnia and Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cabo Verde
Cambodia
Cameroon
Canada
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos Islands
Colombia
Comoros
Congo
Congo, Democratic Republic of the
Cook Islands
Costa Rica
Croatia
Cuba
Curaçao
Cyprus
Czechia
Côte d'Ivoire
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard Island and McDonald Islands
Holy See
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Democratic People's Republic of
Korea, Republic of
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macao
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia
Moldova
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Norway
Oman
Pakistan
Palau
Palestine, State of
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Romania
Russian Federation
Rwanda
Réunion
Saint Barthélemy
Saint Helena, Ascension and Tristan da Cunha
Saint Kitts and Nevis
Saint Lucia
Saint Martin
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Sint Maarten
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Spain
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen
Sweden
Switzerland
Syria Arab Republic
Taiwan
Tajikistan
Tanzania, the United Republic of
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkmenistan
Turks and Caicos Islands
Tuvalu
Türkiye
US Minor Outlying Islands
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
Uruguay
Uzbekistan
Vanuatu
Venezuela
Viet Nam
Virgin Islands, British
Virgin Islands, U.S.
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zimbabwe
Åland Islands
Country
Email
(Required)
Enter Email
Confirm Email
Phone
(Required)
Entity that experienced the Breach
Entity Name
(Required)
This field is hidden when viewing the form
Entity Name
(Required)
First
Last
Address
(Required)
Street Address
Address Line 2
City
State / Province / Region
ZIP / Postal Code
Afghanistan
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius and Saba
Bosnia and Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cabo Verde
Cambodia
Cameroon
Canada
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos Islands
Colombia
Comoros
Congo
Congo, Democratic Republic of the
Cook Islands
Costa Rica
Croatia
Cuba
Curaçao
Cyprus
Czechia
Côte d'Ivoire
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard Island and McDonald Islands
Holy See
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Democratic People's Republic of
Korea, Republic of
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macao
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia
Moldova
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Norway
Oman
Pakistan
Palau
Palestine, State of
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Romania
Russian Federation
Rwanda
Réunion
Saint Barthélemy
Saint Helena, Ascension and Tristan da Cunha
Saint Kitts and Nevis
Saint Lucia
Saint Martin
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Sint Maarten
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Spain
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen
Sweden
Switzerland
Syria Arab Republic
Taiwan
Tajikistan
Tanzania, the United Republic of
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkmenistan
Turks and Caicos Islands
Tuvalu
Türkiye
US Minor Outlying Islands
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
Uruguay
Uzbekistan
Vanuatu
Venezuela
Viet Nam
Virgin Islands, British
Virgin Islands, U.S.
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zimbabwe
Åland Islands
Country
Email Address
Phone Number
Website
Organization Type
(Required)
Agriculture
Accommodation and Food Services
Charity/Not-For-Profit
Construction
Education
Energy
Entertainment
Financial
Government
Health
Insurance
Manufacturing
Media and Telecommunications
Mining
Professional Services
Real Estate
Retail
Technology
Transportation
Other
Breach Details
Description of Breach (Select All That Apply)
(Required)
External systems breach (I.e. Hacking)
Inadvertent disclosure
Insider wrongdoing
Internal systems breach
Loss of device, documentation or media
Theft of device, documentation or media
Unauthorized access (not including theft, loss or hacking)
Other
Type of External Hacking
DoS "Denial of Service" Attack
Password/Credentials Compromised
SQL Injection
Unknown/Not Determined
Virus (including "Trojan Horse", "Phishing" or other malicious codes)
Other
Description of Breach (Other)
Information Accessed/Acquired (Select All That Apply)
(Required)
Social Security Number
Driver License Number/ Non-Driver ID
Financial account information (including payment cards)
Username/ email address and password
Unknown/ not determined
Health insurance information
Medical information in the possession of a State Agency or State Agency Contractor
Other
Is the entity a “Covered Entity” required to provide notice to the U.S. Department of Health and Human Services under 45 C.F.R § 164-408?
(Required)
Yes
No
Total number of persons affected (including Pennsylvania residents)
(Required)
Pennsylvania State residents
(Required)
Do you believe that this security breach was part of a larger breach that likely affected other organizations?
(Required)
Yes
No
Have the Consumer Reporting Agencies been notified?
(Required)
Yes
No
Breach Date Details
Start Date
(Required)
MM slash DD slash YYYY
End Date
(Required)
MM slash DD slash YYYY
Date learned of unauthorized access to network
(Required)
MM slash DD slash YYYY
Date learned private information was accessed and acquired
(Required)
MM slash DD slash YYYY
Date affected Pennsylvania residents were notified
(Required)
MM slash DD slash YYYY
Manner of notification to affected persons (Select All That Apply)
Written
Electronic
Telephone
Substitute notice
List dates of any previous (within 12 months) breach notifications
Identity theft protection service offered?
(Required)
Yes
No
Summary of incident
(Required)
Upload Documents
Do you have supporting documents?
Yes
No
Upload your supporting documments
Drop files here or
Select files
Accepted file types: jpg, gif, png, pdf, Max. file size: 100 MB, Max. files: 25.
In filing this report, I understand that:
End
(Required)
The Attorney General may share information contained in this notification with other state, local and/or federal government agencies to coordinate law enforcement. In addition, the Attorney General may use information contained in this notification in legal proceedings to establish violations of law.
Untitled
(Required)
I understand that any false statement made in connection with this report was made pursuant to and under penalty of 18 Pa.C.S. § 4904, relating to unsworn falsification to authorities.
Untitled
(Required)
By typing my full name below, I certify that the above complaint is true and accurate to the best of my knowledge and that all documents attached are true and accurate copies of the originals.
Signature
Todays Date
MM slash DD slash YYYY
Are you human?
Δ
Bureau of Consumer Protection
15th Floor, Strawberry Square
Harrisburg, PA 17120
800-441-2555
Learn about the Breach of Personal Information Notification Act (“BPINA”)
