Pennsylvania Attorney General Michelle Henry announced the launch of an online portal to streamline the process for companies and other entities reporting data breaches impacting more than 500 Pennsylvania residents — which is required under Pennsylvania law beginning on September 26, 2024. Credit reporting companies, or other entities that hold personal data, must report data breaches to the Office of Attorney General, pursuant to the recent amendments to Pennsylvania’s Breach of Personal Information Notification Act (BPINA). Governor Josh Shapiro approved amendments to BPINA when a data breach affected more than 500 Pennsylvanians. The companies must also provide impacted individuals with 12 months of credit monitoring and access to a credit report, if the breach involves the person’s name and Social Security Number, bank account number, or driver’s license or state ID number. Click here to access the reporting portal.
