Hi listmates, A client's employee clicked a phishing link in an email which, predictably, caused the same email to be sent to several hundred recipients, including a number of the client's customers and vendors. The client immediately contained the threat and reset the relevant email account. The client is trying to determine if this constitutes a "data breach" giving rise to notice requirements, etc. My understanding is that this is a state-by-state exercise, and of course there may be additional contractual obligations. Is anyone here familiar with this type of matter and might be willing to help? Please email and I will forward responses to the client. Many thanks Jon *Jonathan L. Hood* 75 South Broadway, Suite 4484 White Plains, NY 10601 o: 929.349.3600 | m: 917.746.0707 e: jon@jonhoodesq.com jonhoodesq.com | LinkedIn <https://www.linkedin.com/in/jonhood> *Judge your business's legal health with our free Legal Risk Assessment <https://jonhoodesq.com/legal-risk-assessment/>* CONFIDENTIALITY NOTICE: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute, or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing, or taking any action in reliance on the contents of this information is strictly prohibited.