As of January 2008, any business that retains consumer records is required by Maryland law to notify a consumer who is a resident of Maryland if his or her information is compromised. The "security breach law" also requires the business to notify the Office of the Attorney General. Links to notices sent to the OAG from 2018 to the present are listed on this webpage. We are working to keep this list as up-to-date as possible. Questions about specific notices may be directed to IDTheft@oag.state.md.us. Below is a chart containing the case number, date of the notice, business name, how many people are affected what information was compromised and how it was lost.