PA AG Comments Raising Questions About Status of Contact Tracing Data Breach Investigation – WPXI

HARRISBURG, Pa. — The Pennsylvania attorney general’s office told Target 11 several weeks ago that it had closed the Insight Global data breach investigation without filing civil or criminal charges.

But at a Pennsylvania Senate appropriations hearing in Harrisburg, Attorney General Josh Shapiro’s comments left some wondering what’s going on with the data breach investigation and why nothing was done about it. remediate.

“In April 2021, I learned of the potential breach with this third-party contractor not from the department, but from a reporter in Pittsburgh,” said Sen. Kristin Phillips-Hill (R-York County), who interviewed Shapiro on the status of the data breach investigation.

After Target 11 announced last year that Insight Global, the private company paid $30 million to conduct contact tracing in Pennsylvania, failed to secure the data of 72,000 people across Pennsylvania. , the attorney general said he was opening an investigation into the data. infringe.

Related >>> Pennsylvania to End Contract with Contact Tracing Provider Involved in Data Breach Revealed by Target 11

Shapiro’s office told Target 11 several weeks ago that it had closed the investigation without filing any civil suits or criminal charges, but during the Senate hearing, Shapiro declined to discuss the state of the investigation, when questioned by Phillips-Hill.

“I consider this to be a serious data breach. I cannot, in this context, enter into the status of our review,” Shapiro said.

Phillips-Hill also asked Shapiro why he didn’t file a lawsuit against Insight Global, when he filed one against Uber for failing to notify drivers of a 2016 data breach that didn’t happen. had affected only 10,000 drivers in Pennsylvania.

Insight Global’s data breach included the names and contact information of 72,000 adults and children, as well as sensitive medical information across the state.

No financial information was disclosed.

“Can you explain why a lawsuit hasn’t been filed yet?” asked Phillips-Hill.

“Not in this situation,” Shapiro replied.

After the hearing, I spoke via Zoom with Phillips-Hill. She was surprised to learn that the Attorney General’s office told Target 11 that the investigation into Insight Global had already been completed and that no action had been taken against the company, the State Department at the Health or anyone else associated with the breach.

“I got the impression today from the Attorney General, under oath, that the effort is still ongoing. Yet the information provided to the media indicates that it has been closed and no further action will be taken. So I’m concerned about that,” Phillips-Hill said.

I contacted the Attorney General’s office again and a spokesperson told me that they stand by their original statement that the case was dismissed without any action and referred to the Department of Health, adding that the Senate appropriations hearing was not the place to discuss the investigation.

Shapiro suggested it during his comments at the hearing.

“I agree that we need to take public and private sector data breaches equally serious. Just because I’m not going to go into the details of an investigation in a context like this doesn’t mean we don’t take it seriously,” said Shapiro, whose office said we should contact the Department of Health for an update.

A Department of Health spokesperson told Target 11 that they are still working to resolve some legal issues with Insight Global.

Insight Global therefore offered free credit monitoring.

A federal class action lawsuit has been filed on behalf of the 72,000 people whose information was exposed. The courts dismissed the Department of Health from the lawsuit and Insight Global asked the judge to dismiss the case. Both sides are now waiting for the judge to rule on the case.