The number is much larger because of underreporting

Jul 16, 2014 16:45 GMT  ·  By

A report regarding the impact of security breaches on residents of New York revealed that in 2013 sensitive information of almost 29 million individuals has been exposed, in about 5,000 attacks.

Issued by Attorney General Eric T. Schneiderman, the document informs that the total toll of the breaches amounted to more than $1.37 / €1 billion, impacting both the public and the private sector.

Schneiderman draws attention to the fact that organizations should take action to prevent this sort of incidents, suggesting that entities that store electronic information should create and implement the necessary security framework, while individuals can protect themselves through frequent monitoring of financial statement and “practicing their own data-minimization techniques.”

In order to emphasize the need of protective measures for personal information in digital format, the report cites a January 2014 Pew Research poll, which says that one in five Americans had private details stolen; this included Social Security number, credit card or bank account information.

A higher percentage said that their email or social networking accounts had been compromised.

“Data security breaches are more than simply a privacy concern – they can have harmful consequences,” says Schneiderman in the report, bringing information about the fact that all the data lost as a result of intentional security breaches is used for fraudulent purposes.

Since 2006, the New York Attorney General’s Office has learned that most of the intrusions (40%) occurred as a result of hacking; a smaller amount (24%) were due to lost or stolen equipment or information, while insider wrongdoing was attributed 10% of the incidents.

However, the Attorney General admits that these figures may not reflect reality because many of the breaches were not reported. As such, the 22.8 million records may represent only the tip of the iceberg.

“For approximately six months between 2008 and 2009, a team of Russian hackers penetrated Heartland Payment Systems, one of the country’s largest credit card processing systems. By the time the breach was discovered, an estimated 130 million credit card records were stolen across North America,” says the report.

Because the company could not estimate the information loss, the data has not been fully enumerated in the breach logs.

Despite the large amount of incidents reported by the Attorney General, it appears that only 28 of them were responsible for the 80% of the data loss in the past eight years.