Wednesday, July 16, 2014
 

 

Join our E-Mail list!
Send an e-mail request to
subscribe@empirestatenews.net,
with the word "Subscribe" in the
subject line.

 

For site information and
viewing tips, click here.


All content copyright © 2003-2007
Statewide News Network, Inc.
Contents may not be reproduced
in any form without express written consent

A.G. releases report showing rise in data breaches

NEW YORK – Attorney General Eric Schneiderman issued a new report examining the growing number, complexity, and costs of data breaches in the New York State. Using information provided to the Attorney General’s Office pursuant to the New York State Information Security Breach & Notification Act, the report, titled "Information Exposed: Historical Examination of Data Security in New York State, analyzes eight years of security breach data and how it has impacted New Yorkers. 

The report reveals that the number of reported data security breaches in New York more than tripled between 2006 and 2013. In that same period, 22.8 million personal records of New Yorkers have been exposed in nearly 5,000 data breaches, which have cost the public and private sectors in New York upward of $1.37 billion in 2013. In addition, the report also found that hacking intrusions – in which third parties gain unauthorized access to data stored on a computer system – were the leading cause of data security breaches, accounting for roughly 40 percent of all breaches. Attorney General Schneiderman’s report also presents new recommendations on steps that both organizations and consumers can take to protect themselves from data loss.

“As we increasingly share our personal information with stores, restaurants, health care providers and other organizations, we should be able to enjoy the benefits of new technology without putting ourselves at risk. Unfortunately, our expansive look at data breaches found that millions of New Yorkers have been exposed without their knowledge or consent. It’s clear that a broad, concerted public education campaign must take place to ensure that all of us – from large corporations, to small businesses and families – are better protected,” said  Schneiderman. “Moving forward, I will advocate for collaboration between industry and security experts to ensure that organizations across the state and country have access to the tools needed to secure our data, so we can best address this complex and growing problem.”

2013 was a record-setting year in data security breaches, during which 7.3 million records of New Yorkers were exposed in more than 900 data security breaches. The massive number of affected New Yorkers in 2013 was largely driven by two retail mega-breaches at Target and Living Social, which have led some to dub 2013 “The Year of the Retailer Breach.” So-called mega-breaches have also becoming increasingly common: Five of the 10 largest breaches reported to the Attorney General’s Office have occurred since 2011.

No organization is exempt from this trend: In the eight-year period analyzed by today’s report, a widely diverse set of organizations ranging from local family businesses to large multinational corporations reported data security breaches to the Attorney General’s Office. While the most recent and widely publicized mega-breaches have involved retailers, data breaches have also impacted the health care and financial services industries.

The demand on secondary markets for stolen information remains robust. Freshly acquired stolen credit card numbers can fetch up to $45 per record, while other types of personal information, such as Social Security numbers and online account information, can command even higher prices. Non-financial information can be even more valuable, as fraudulent use is more difficult to detect and the information can be used for a broader range of purposes. For example, a stolen Facebook account can provide an access point to a wide range of user accounts, or can be used as a vehicle to steal information from others within that individual’s social network.

Despite the risks posed by data security breaches, individuals and organizations can take practical steps to better guard themselves from threats. While it may be impossible to completely prevent data loss, organizations that implement data security plans can greatly reduce the harm caused by a data security breach. In addition, individuals can remain vigilant and take action to protect themselves against breaches.