Businesses collecting and retaining personal information about Maryland residents are required by Maryland law to notify residents if their information is compromised. For a full list of what "personal information" includes, please see MD Commercial Code §14–3501 (e). As of October 1, 2022, Maryland law requires that businesses provide specific information in their notification to the Office of the Attorney General. For information on this notice requirement, please see MD Commercial Code §14-3504 (h).
Links to notices sent to the OAG in the last three years are listed on this webpage. Questions about specific notices may be directed to [email protected] Below is a chart containing the case number, date of the notice, business name, how many people are affected, what information was compromised, and how it was lost.
Filters
Displaying 1 - 2 of 2 results.
Results
-
Security Breach Notice
St. Joseph College of Maine - PDF 444 KB
Friday, March 21, 2025Case Number: ITU-376721
Number of Impacted Maryland Residents: 62
Information Breached: Name, Social Security number, driver's license or state issued ID number, financial account number, health insurance policy/subscriber number, treatment information/diagnosis and other health insurance information
How Breach Occurred: Unauthorized access to and acquisition of files from the company network
-
Security Breach Notice
CSG Consultants - PDF 211.8 KB
Thursday, March 20, 2025Case Number: ITU-376588
Number of Maryland Residents Impacted: 2
Information Breached: Names, addresses, dates of birth, and Social Security numbers
How Breach Occurred: Unauthorized access to and acquisition of files from the company network