For your “you can never be to careful online” folder. The full text of the report is embedded below.
Attorney General Kamala D. Harris today [July 1, 2013] released the first report detailing the 131 data breaches reported to her office in 2012, showing that 2.5 million Californians had personal information put at risk through an electronic data breach.
The report found that 1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network.
In 2003, California was the first state to pass a law (AB 700, Simitian) mandating data breach notification, which requires businesses and state agencies to notify Californians when their personal information is compromised in security breach. In 2012, companies and state agencies subject to the law were required for the first time to report any breach that involved more than 500 Californians to the Attorney General’s Office. (SB 24, Simitian)
Additional key findings of the report include:
- The average (mean) breach incident involved the information of 22,500 individuals. The median breach size was 2,500 affected individuals, with five breaches of 100,000 or more individuals’ personal information.
- More than 1.4 million Californians would not have been put at risk, and 28 percent of the data breaches would not have required notification, if the data had been encrypted.
- The retail industry reported the most data breaches in 2012: 34 (26 percent of the total reported breaches), followed by finance and insurance with 30 (23 percent).
- More than half of the breaches (56 percent) involved Social Security numbers, which pose the greatest risk of the most serious types of identity theft.
- More than half of the breaches (55 percent) were the result of intentional intrusions by outsiders or by unauthorized insiders. The other 45 percent were largely the result of failures to adopt or carry out appropriate security measures.
See Also: State of California Data Breach Database
Report Also Available at: http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/2012data_breach_rpt.pdf