HARRISBURG — The Pennsylvania attorney general said Wednesday his agency has begun looking into a breach of COVID-19 contact tracing data that may have compromised the private information of some 72,000 people.

“Any allegations of sensitive personal information being mismanaged or leaked is a serious matter,” Attorney General Josh Shapiro, a Democrat, said in a written statement. “My office has opened investigations into this data breach on multiple fronts, and as such we will have no further comment at this time.”

The state Health Department disclosed two weeks ago that employees of a contact tracing vendor ignored security rules and created unauthorized documents outside the state’s secure computer systems.

The company, Atlanta-based Insight Global, acknowledged it mishandled sensitive information and apologized. It said workers had set up unauthorized Google accounts for sharing information, including the names of people who might have been exposed to COVID-19, whether they had any symptoms, how many people lived with them and, in some cases, their email addresses and phone numbers.

Related Video

The state has paid Insight Global about $28.7 million since March 2020.

The Health Department has said some of the records in question associated names with ages, COVID-19 diagnoses and other private information but did not include financial account information, addresses or Social Security numbers.