The California Office of the Attorney General disclosed a **data breach** at the law firm **Atkinson, Andelson, Loya, Ruud & Romo** in July 2015, stemming from the **theft of a laptop** on **April 23, 2015**. The compromised device potentially contained **personally identifiable information (PII)** of individuals, including **names, addresses, telephone numbers, and Social Security numbers (SSNs)**. The exact number of affected individuals remains **undetermined**, but the exposure of SSNs poses a significant risk of **identity theft, financial fraud, or targeted phishing attacks**. As a law firm, the breach raises concerns about **client confidentiality, regulatory compliance (e.g., state data protection laws), and reputational damage**. The incident highlights vulnerabilities in **physical security controls** for devices storing sensitive data, emphasizing the need for **encryption, access restrictions, and breach response protocols** to mitigate fallout from such events.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-57094
TPRM report: https://www.rankiteo.com/company/atkinson-andelson-loya-ruud-&-romo
"id": "atk717082025",
"linkid": "atkinson-andelson-loya-ruud-&-romo",
"type": "Breach",
"date": "4/2015",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (PII of individuals)',
'industry': 'Legal Services',
'location': 'California, USA',
'name': 'Atkinson, Andelson, Loya, Ruud & Romo',
'type': 'Law Firm'}],
'attack_vector': 'Theft of Physical Device (Laptop)',
'data_breach': {'data_encryption': 'No (Laptop Likely Unencrypted)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Addresses',
'Telephone Numbers',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (Includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2015-04-23',
'date_publicly_disclosed': '2015-07-21',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Atkinson, Andelson, Loya, Ruud & Romo on '
'July 21, 2015. The breach occurred on April 23, 2015, due to '
'the theft of a laptop, which may have contained personally '
'identifiable information (PII) of individuals, including '
'names, addresses, telephone numbers, and social security '
'numbers. The number of individuals affected is currently '
'unknown.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (PII '
'Exposure)',
'data_compromised': ['Names',
'Addresses',
'Telephone Numbers',
'Social Security Numbers'],
'identity_theft_risk': 'High (PII Including SSNs Compromised)',
'systems_affected': ['Laptop']},
'post_incident_analysis': {'root_causes': ['Theft of Unsecured Laptop '
'Containing Sensitive PII',
'Lack of Encryption or Physical '
'Security Controls']},
'references': [{'date_accessed': '2015-07-21',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential Violation of '
'California Data Breach '
'Notification Laws (e.g., '
'CA Civil Code § 1798.82)'],
'regulatory_notifications': ['Reported to '
'California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public Disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at Atkinson, Andelson, Loya, Ruud & Romo Due to Laptop '
'Theft',
'type': 'Data Breach (Physical Theft)',
'vulnerability_exploited': 'Lack of Physical Security / Unencrypted Device'}