This month Law.com published the results of a study that listed more than 100 law firms that have experienced a data breach. I reviewed the complete list and these include large firms such as Jenner & Block; Proskauer; Alston & Bird; Harris Beach; Heller Ehrman; Jones Day; Latham & Watkins; McDermott, Will, & Emery; Mintz Levin; and Wilson Sonsini. The list includes firms responsible for data that was breached at third party vendors. The study was based on reports made to state authorities, but 20 states don’t require data breaches to be reported. Other states like California only require breaches involving the data of more than 500 people to be disclosed.