Brightstar Global Solutions Corp., a rebranded lottery subsidiary of International Game Technology PLC, recently informed the state and many former employees that the personal data of more than 6,000 Rhode Island residents may have been compromised for nearly a year.
The company identified the security breach on Nov. 10, 2024, but waited until it ended its internal investigation in August to begin notifying affected states and residents.
Facing the Holidays with a Cancer Diagnosis
The holidays are often painted as a time of joy, tradition, and togetherness. But for…
Learn More
According to state law, the R.I. Office of Attorney General must be notified within 45 days if a data breach affects the personal information of more than 500 state residents. But the clock only begins after an organization finishes investigates the breach, not when the breach is first discovered.
That means the company did not violate state law.
But Rep. Robert D. Phillips, D-Woonsocket, says employers should be required to make more timely notification to the public when residents personal data is at risk. He plans to reintroduce legislation next year to eliminate what he calls a loophole in state law.
Connecticut requires that data breaches be reported to the attorney general and affected consumers within 60 days of their discovery.
