California Attorney General publishes data breach report

Jul 2, 2013 11:34 GMT  ·  By

According to a study released on Monday by California Attorney General Kamala D. Harris, the data breaches reported to her office in 2012 have exposed the personal information of 2.5 million Californians.

The study shows that 131 data breaches were reported last year, most of them coming from the retail industry, followed by finance and insurance sectors.

Interestingly, the Attorney General found that 1.4 million of the impacted Californians would have been protected if the breached companies had encrypted their data when moving it or sending it outside their networks.

On average, each breach involved the information of 22,500 individuals. However, it’s worth noting that five of the incidents exposed the details of 100,000 or more people.

The most worrying fact is that 56% of the breaches reported to the AG involved social security numbers.

So what’s the cause of the data breaches? In 45% of cases, failure to adopt or carry out appropriate security measures was named as being the cause.

In 55% of cases, intentional intrusions by outsiders or by unauthorized insiders were blamed.

“Data breaches are a serious threat to individuals' privacy, finances and even personal security,” Attorney General Harris commented. “Companies and government agencies must do more to protect people by protecting data.”

The report also provides some advice for both companies and legislators.

Companies are advised to make sure personal information is encrypted when it’s transmitted, review and tighten their security controls on personal data, and make their data breach notices easier to read.

On the other hand, legislators are recommended to consider expanding the current law to force companies to disclose breaches that involve passwords as well. Attorney General Harris says she’s supporting Senator Ellen Corbett’s legislation that would require organizations to report breaches that involve information that can be used to access online accounts.

The complete report is available here.