WD & Associates, a division of Patriot Growth Insurance Services, LLC, recently disclosed a data breach incident dating back to February 2023, sparking questions about compliance with Rhode Island’s notification law and the transparency of the breach response. Despite the breach occurring over a year ago, affected individuals have yet to be notified, raising concerns about the company’s adherence to notification obligations.
According to Rhode Island’s data breach notification law, entities must notify residents of any breach that poses a significant risk of identity theft within 45 calendar days of confirming the breach. However, WD’s delayed notification and ongoing investigation into the breach have left individuals in the dark about the potential compromise of their personal information, including sensitive data such as Social Security numbers and financial account information.
While WD claims there is no evidence of misuse of the compromised data, critics argue that without transparent disclosure and proactive measures such as credit monitoring and identity theft restoration services, the true extent of the breach’s impact remains unknown. The delayed notification and lack of clarity surrounding the breach raise questions about WD’s commitment to protecting customer data and complying with regulatory requirements.
