The California Office of the Attorney General disclosed a data breach at the law firm Atkinson, Andelson, Loya, Ruud & Romo in July 2015, stemming from the theft of a laptop on April 23, 2015. The compromised device potentially contained personally identifiable information (PII) of individuals, including names, addresses, telephone numbers, and Social Security numbers (SSNs). The exact number of affected individuals remains undetermined, but the exposure of SSNs poses a significant risk of identity theft, financial fraud, or targeted phishing attacks. As a law firm, the breach raises concerns about client confidentiality, regulatory compliance (e.g., state data protection laws), and reputational damage. The incident highlights vulnerabilities in physical security controls for devices storing sensitive data, emphasizing the need for encryption, access restrictions, and breach response protocols to mitigate fallout from such events.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-57094
TPRM report: https://www.rankiteo.com/company/atkinson-andelson-loya-ruud-&-romo
"id": "atk717082025",
"linkid": "atkinson-andelson-loya-ruud-&-romo",
"type": "Breach",
"date": "4/2015",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (PII of individuals)',
'industry': 'Legal Services',
'location': 'California, USA',
'name': 'Atkinson, Andelson, Loya, Ruud & Romo',
'type': 'Law Firm'}],
'attack_vector': 'Theft of Physical Device (Laptop)',
'data_breach': {'data_encryption': 'No (Laptop Likely Unencrypted)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Addresses',
'Telephone Numbers',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (Includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2015-04-23',
'date_publicly_disclosed': '2015-07-21',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Atkinson, Andelson, Loya, Ruud & Romo on '
'July 21, 2015. The breach occurred on April 23, 2015, due to '
'the theft of a laptop, which may have contained personally '
'identifiable information (PII) of individuals, including '
'names, addresses, telephone numbers, and social security '
'numbers. The number of individuals affected is currently '
'unknown.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (PII '
'Exposure)',
'data_compromised': ['Names',
'Addresses',
'Telephone Numbers',
'Social Security Numbers'],
'identity_theft_risk': 'High (PII Including SSNs Compromised)',
'systems_affected': ['Laptop']},
'post_incident_analysis': {'root_causes': ['Theft of Unsecured Laptop '
'Containing Sensitive PII',
'Lack of Encryption or Physical '
'Security Controls']},
'references': [{'date_accessed': '2015-07-21',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential Violation of '
'California Data Breach '
'Notification Laws (e.g., '
'CA Civil Code ยง 1798.82)'],
'regulatory_notifications': ['Reported to '
'California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public Disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at Atkinson, Andelson, Loya, Ruud & Romo Due to Laptop '
'Theft',
'type': 'Data Breach (Physical Theft)',
'vulnerability_exploited': 'Lack of Physical Security / Unencrypted Device'}