related to

Reporting data breaches to the Attorney General’s Office

If you know or have reason to know that your organization has experienced a data breach covered by the Breach Notification Law, you must notify the Attorney General’s Office.

Use this online portal to provide written notification to the Attorney General's Office about a data breach. You will be asked to attach the Consumer Notice to the form.

Submission through the online portal is preferred, but not required. If you choose not to use the online form, please mail your notice to the Attorney General's Office. A sample letter containing information you must provide to the Attorney General's Office is available here. You should address your letter to:

Massachusetts Office of the Attorney General
Consumer Protection Division
Attn: Data Breach Notification
One Ashburton Place
Boston, MA 02108

Please be aware that Chapter 93H has been amended. Your notice to the Attorney General's Office now must disclose the following: 

  • The nature of the security breach or unauthorized access or use of personal information;
  • The number of Massachusetts residents affected by such incident at the time of notification;
  • The name and address of the person or agency that has experience the incident;
  • The name and title of the person or agency reporting the incident, and their relationship to the person or agency that experienced the incident;
  • The type of person or agency reporting the incident;
  • The person responsible for the incident, if known;
  • The type of personal information compromised, including, but not limited to:
    • Social Security number
    • Driver's license number
    • Financial account number
    • Credit or debit card number
    • or other data;
  • Whether the person or agency maintains a written information security program;
  • All the steps the person or agency has taken or plans to take relating to the incident, including updating the written information security program
  • Whether a report has been made to law enforcement and whether law enforcement is investigating the incident; and
  • Where applicable, certification of credit monitoring services pursuant to Chapter 93H, section 3A. 

If you are a Massachusetts resident affected by a breach and wish to notify the Attorney General’s Office please call 617-727-8400 or file a consumer complaint online.

Feedback