A new report from New York State’s Attorney General details the damage to the state’s citizens and organizations from reported data breaches over the last eight years. “Information Exposed: Historical Examination of Data Breaches in New York State” attempts to illustrate the exponential growth in breaches, reports of breaches and some of the related costs, and then gives recommendations on how individuals and companies can better protect themselves.
- Almost 5,000 separate data breaches were reported to the AG’s office between 2006 and 2013.
- These breaches exposed 22.8 million personal records of New Yorkers.
- The number of breaches reported annually more than tripled during the time period.
- 2013 was a record-setting year, with 7.3 million records of New Yorkers exposed.
- Five of the 10 largest breaches reported to the AG have occurred since 2011. These are considered “mega breaches.”
Looking at the financial damages collectively to the state, as opposed to the usual point of view of the individuals or companies affected, the AG’s office says that in 2013 alone, data breaches cost organizations doing business in New York State over $1.37 billion.
The report highlights the data integration involved in Big Data efforts, an extremely high rate of hacking – the leading cause of the data breaches during the time period – and underreported breaches as particular pain points.
What isn’t reported by the AG: All the breaches that weren’t reported to the AG because the companies weren’t required to do so according to New York State law, as well as total consumer losses from these breaches.
The report’s recommendations on data protection practices for organizations and individuals are accompanied by the text of the New York State Information Security Breach and Notification Act and definitions of some of the key terms within that document (the difference between personal information and personal records, for instance), which it appears must now, unfortunately, become required reading.
Kachina Shaw is managing editor for IT Business Edge and has been writing and editing about IT and the business for 15 years. She writes about IT careers, management, technology trends and managing risk. Follow Kachina on Twitter @Kachina and on Google+