2.5M Calif. Residents Affected by 2012 Data Breaches, AG Reports
Electronic data breaches involving private health and other types of information affected 2.5 million Californians in 2012, according to a report released Monday by California Attorney General Kamala Harris (D), the Sacramento Bee's "Capitol Alert" reports.
Background
A state law passed in 2012 requires companies to report a breach to the attorney general if the incident affects more than 500 consumers.
The AG's report marks the first time such information has been made available to the public, according to "Capitol Alert" (Mantz, "Capitol Alert," Sacramento Bee, 7/1).
Details of Report
The report found that 131 electronic data breaches affecting consumer information took place in California last year. Some of the breaches occurred at state agencies, including the:
- Department of Child Supportive Services;
- Department of Correctional Health Care Services' Privacy Office;
- Department of Corrections and Rehabilitation;
- Department of Health Care Services;
- Department of Justice/CATCH; and
- Department of Social Services (Mantz, Sacramento Bee, 7/2).
The retail industry reported the highest percentage of data breaches, at 26% of the total number of incidences, while the finance and insurance industries made up a combined 23% of the breaches.
Of the total number of breaches:
- 56% involved Social Security numbers; and
- 55% were caused by intentional hacking (Lifsher, "Money & Co.," Los Angeles Times, 7/1).
Harris said that if the data had been encrypted, 1.4 million fewer state residents would have been affected by the breaches (Sacramento Bee, 7/2).
Recommendations
Harris recommended that organizations:
- Encrypt personal information that is moved out of a secure network;
- Review and upgrade security oversight and training; and
- Ensure that notices sent to consumers about data breaches are clearly written ("Money & Co.," Los Angeles Times, 7/1).
The AG also endorsed a bill (SB 46) currently being considered in the state Senate that would require companies to notify consumers if their usernames and passwords are compromised ("Capitol Alert," Sacramento Bee, 7/1).
This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.