May 24, 2022

Data Security: California Attorney General Releases Report on Data Breaches; 2.5 Million Californians Had Personal Information Compromised in 2012

For your “you can never be to careful online” folder. The full text of the report is embedded below.

From Kamala Harris, AG of California:

Attorney General Kamala D. Harris today [July 1, 2013] released the first report detailing the 131 data breaches reported to her office in 2012, showing that 2.5 million Californians had personal information put at risk through an electronic data breach.

The report found that 1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network.

In 2003, California was the first state to pass a law (AB 700, Simitian) mandating data breach notification, which requires businesses and state agencies to notify Californians when their personal information is compromised in security breach. In 2012, companies and state agencies subject to the law were required for the first time to report any breach that involved more than 500 Californians to the Attorney General’s Office. (SB 24, Simitian)


Additional key findings of the report include:

  • The average (mean) breach incident involved the information of 22,500 individuals. The median breach size was 2,500 affected individuals, with five breaches of 100,000 or more individuals’ personal information.
  • More than 1.4 million Californians would not have been put at risk, and 28 percent of the data breaches would not have required notification, if the data had been encrypted.
  • The retail industry reported the most data breaches in 2012: 34 (26 percent of the total reported breaches), followed by finance and insurance with 30 (23 percent).
  • More than half of the breaches (56 percent) involved Social Security numbers, which pose the greatest risk of the most serious types of identity theft.
  • More than half of the breaches (55 percent) were the result of intentional intrusions by outsiders or by unauthorized insiders. The other 45 percent were largely the result of failures to adopt or carry out appropriate security measures.

See Also: State of California Data Breach Database

Primary Document

California: 2012 Data Breach Report From Office of CA Attorney General, Kamala Harris

Report Also Available at:

About Gary Price

Gary Price ( is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. Before launching INFOdocket, Price and Shirl Kennedy were the founders and senior editors at ResourceShelf and DocuTicker for 10 years. From 2006-2009 he was Director of Online Information Services at, and is currently a contributing editor at Search Engine Land.