On August 9, 2024, the Vermont Office of the Attorney General disclosed a data breach at the law firm Tobin, Carberry, O'Malley, Riley & Selinger, P.C., where unauthorized actors gained access to its network between November 10, 2023, and November 30, 2023. The breach exposed highly sensitive personal and health-related information of individuals, including addresses, dates of birth, Social Security numbers, medical diagnoses, treatment records, health insurance details, and full medical histories. The compromised data poses severe risks, including identity theft, financial fraud, and potential misuse of protected health information (PHI). Given the nature of the exposed records particularly Social Security numbers and medical histories the incident carries long-term repercussions for affected individuals, such as targeted phishing, insurance fraud, or discrimination based on health conditions. The law firm, which likely handles confidential client matters, now faces regulatory scrutiny under HIPAA (Health Insurance Portability and Accountability Act) and state data protection laws, alongside reputational damage and potential litigation from impacted parties.
TPRM report: https://www.rankiteo.com/company/tobin-carberry-o'malley-riley-&-selinger-p-c-
"id": "tob154082025",
"linkid": "tobin-carberry-o'malley-riley-&-selinger-p-c-",
"type": "Breach",
"date": "11/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Legal / Healthcare (handling PHI)',
'location': 'Vermont, USA',
'name': "Tobin, Carberry, O'Malley, Riley & Selinger, "
'P.C.',
'type': 'Law Firm'}],
'data_breach': {'data_exfiltration': 'Likely (based on unauthorized access)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and health insurance details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2024-08-09',
'description': 'On August 9, 2024, the Vermont Office of the Attorney General '
"reported a data breach involving Tobin, Carberry, O'Malley, "
'Riley & Selinger, P.C. The breach may have affected personal '
'information of individuals, including addresses, dates of '
'birth, Social Security numbers, diagnoses, treatment, health '
'insurance information, and medical history. Unauthorized '
'access to the network occurred from November 10, 2023, to '
'November 30, 2023.',
'impact': {'data_compromised': ['Addresses',
'Dates of birth',
'Social Security numbers',
'Diagnoses',
'Treatment information',
'Health insurance information',
'Medical history'],
'identity_theft_risk': 'High (PII and PHI exposed)'},
'initial_access_broker': {'high_value_targets': 'PHI and PII databases'},
'investigation_status': 'Disclosed; details limited',
'references': [{'date_accessed': '2024-08-09',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely, due to PHI '
'exposure)',
'Vermont Data Breach '
'Notification Law'],
'regulatory_notifications': 'Vermont Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Vermont '
'Attorney General'},
'title': "Data Breach at Tobin, Carberry, O'Malley, Riley & Selinger, P.C.",
'type': 'Data Breach'}