In Report, California Says 2.5 Million Residents at Risk in Data Breaches

Organizations Now Mandated to Report to State

Electronic data breaches put the personal information of 2.5 million Californians at risk in 2012, according to a report released days ago by Attorney General Kamala Harris.

State law requires businesses and government agencies to notify consumers when a data breach might have put their personal information at risk. A bill passed in 2012 also requires companies to report a breach to the attorney general when more than 500 consumers information has been accessed.

The report description of 131 breaches of consumer information marks the first time the information has been made available to the public.

California law requires companies to report breaches of information whether the breach was malicious or unintentional. The California landmark law on data breach notification, which requires businesses and state agencies to notify Californians when their personal information is compromised in a security breach, took effect in 2003.

Since then, all but four states have enacted similar laws. In addition, the federal government requires breach notification in the health care sector, and other jurisdictions around the world are considering and enacting such laws. The authors of the California law stated that its intent was to give consumers early warning that they were at risk of identity theft, so they could take defensive action.

Criminals are making use of breached information to commit fraud, with nearly one in four recipients of breach notices in the U.S. becoming identity theft victims, more than four times the rate of the general population in 2012.

The law also opened a window on privacy and security practices for companies, researchers, and policy makers. In 2012, for the first time, those subject to the California law were required to provide copies of their notices to the Attorney General when the breach involved more than 500 Californians.

Key Findings

In 2012, the Attorney General received reports of 131 data breaches, each affecting more than 500 California residents.

The average breach incident involved the information of 22,500 individuals. The median breach size was 2,500 affected individuals, with five breaches of 100,000 or more individual personal information.

More than 2.5 million Californians were put at risk by data breaches in 2012.

More than 1.4 million Californians would not have been put at risk, and 28 percent of the data breaches would not have required notification, if the data had been encrypted.

The retail industry reported the most data breaches in 2012 with 34 or 26 percent of the total reported breaches, followed by finance and insurance with 30 at 23 percent.

More than half of the breaches 56 percent involved Social Security numbers, which pose the greatest risk of the most serious types of identity theft.

More than half of the breaches 55 percent were the result of intentional intrusions by outsiders or by unauthorized insiders. The other 45 percent were largely the result of failures to adopt or carry out appropriate security measures.

The average reading level of the breach notices submitted in 2012 was 14th grade.

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

In Report, California Says 2.5 Million Residents at Risk in Data Breaches

Organizations Now Mandated to Report to State

Blog Topics

Security Blog

On the Track of OSAC

Recent Comments

Insufficient information

Thankyou so much for sharing such an informative...

I just wish my mechanical lock had a...

security

Security

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.