18.5 Million Californians' Personal Data Exposed in 2013

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

California Attorney General Kamala Harris recently released the second annual California Data Breach Report [PDF], which details the 167 data breaches disclosed in 2013 that exposed 18.5 million California residents' personal information.

That's an increase of more than 600 percent from 2012, which saw 2.5 million Californians affected by data breaches.

According to the report, the massive increase was largely due to the Target and LivingSocial breaches, each of which exposed approximately 7.5 million Californians' personal data.

The total number of data breaches reported to the California attorney general's office increased by 28 percent, from 131 in 2012 to 167 in 2013.

"We are increasingly adopting technology that is putting our data in systems that are ripe for penetration," Harris told the New York Times. "We have not sufficiently inoculated ourselves. The bad guys have figured out where the vulnerabilities are and learned there is much to be profited and gained from exploiting them."

Fifty-three percent of all data breaches in 2013 were caused by computer intrusions such as malware and hacking; 26 percent were caused by the loss or theft of laptops or other devices holding unencrypted personal data; 18 percent were caused by unintentional errors; and 4 percent were caused by intentional misuse.

Breaches caused by malware and hacking caused fully 93 percent of all compromised records.

And these breaches can have a significant financial impact -- the Ponemon Institute's 2014 Cost of Cyber Crime Study found that the annualized cost of cybercrime in the U.S. has reached $12.7 million per organization.

Harris' report urges the healthcare industry to use strong encryption to protect medical information on laptops and other portable devices, and to consider encryption for desktop computers.

For retailers, the report recommends updating point-of-sale terminals so they're chip-enabled; encrypting payment card data from the point of capture until completion of transaction confirmation; implementing appropriate tokenization solutions to devalue payment card data; and responding promptly to breaches that occur in retail systems.

"Data breaches pose a serious threat to the privacy, finances and personal security of California consumers," Harris said in a statement. "The fight against these kind of cybercrimes requires the use of innovative strategies by government and the private sector to protect our state's consumers and businesses."

"I strongly encourage more use of encryption to significantly reduce the risk of data breaches," Harris added.

The full report, which offers detailed recommendations for all industry sectors, is available here.

A recent eSecurity Planet article offered advice on how to respond to a data breach, from conducting a security audit to consulting with data privacy counsel.