Here's another notification where it sounds like the victim paid the extortion demand but doesn't come right out and say that. Instead, their notification letter says that the data had temporarily been posted online but "The data is no longer posted on the dark web and, at this time, Kronick has no reason to believe this data was retained by the unknown third party or that any additional data was taken."

They don't name the attackers, but this was an incident involving #Rhysida that Rhysida had claimed on August 22, 2024.

Given how often we are told that these ransomware groups do retain data even after pinky-swearing and providing videos of it supposedly being destroyed forever, should entities like the law firm above say they have no reason to believe that their data was retained?

The notification letter by Kronick Moskovitz Tiedemann & Girard can be found at https://oag.ca.gov/system/files/KMTG_Individual%20Notice%20Letter%20Sample%203.28.2025_0.pdf

So remember the ransomware attack discovered last July by Columbus, Ohio -- who raced to court to chill the speech of a researcher (David Ross, aka "Goodwolf") who disputed their claims about the breach?

Well, now it comes out that there was also some medical info from emergency services involved in the breach:

https://spectrumnews1.com/oh/columbus/news/2025/02/04/health-information-columbus-cyberattack

They discovered the medical stuff in December and are first sending out letters to those affected now.