California data breach study indicates lack of encryption

A recent study by the California attorney general indicates that 2.5 million residents of the Golden State had their personal information exposed in the 131 online data breaches reported to her office in 2012.

But more than half of these incidents were easily avoidable.

Attorney General Kamala Harris released a report this month in which she reveals that 1.4 million California residents affected by breaches in 2012 would have been just fine had companies encrypted their data. In fact, the incidents would never have had to be reported under existing state law if the exposed data had been encrypted.

Some other notable 2012 findings include: An average of 22,500 people were affected in each breach incident, with the retail industry reporting the most data leakage incidents, followed by the finance and insurance sectors. More than half of breaches involved Social Security numbers, and five of the reported breaches involved 100,000 or more individuals.

“Data breaches are a serious threat to individuals' privacy, finances and even personal security,” Harris said in a release. “Companies and government agencies must do more to protect people by protecting data.”

Harris has suggestions, too. The big one is data encryption, which she said should always be used. Yet a recent study found that many companies still eschew encryption.

Another suggestion by Harris is for companies and agencies to train employees and contractors as one part of beefing up overall security in an organization. Some in the IT security industry, however, have declared security awareness training to be a waste of time and money.

Other proposals by Harris include improved readability of breach notices, better access to resources for victims of breaches involving Social Security and driver's license numbers, and the passage of legislation mandating notifications of breaches involving the exposure of online credentials, such as usernames and passwords.

California historically has served as a pioneer in terms of data security and privacy laws. In 2003, with a bill known as SB-1386, it became the first state to require notification to victims following a breach.
