The supply chain cyberattack against the U.S. government and private sector will force affected companies to reckon with dozens of state data breach notification laws and other disclosure requirements.
The patchwork of state notification statutes, with differing definitions of what constitutes a breach and what types of personal information are included, will be another headache for businesses investigating the fallout, attorneys say.
The attack hit U.S. federal agencies and private companies, including technology giant