California data breach study indicates lack of encryption


A recent study by the California attorney general indicates that 2.5 million residents of the Golden State had their personal information exposed in the 131 online data breaches reported to her office in 2012.

But more than half of these incidents were easily avoidable.

Attorney General Kamala Harris released a report this month in which she reveals that 1.4 million California residents affected by breaches in 2012 would have been just fine had companies encrypted their data. In fact, the incidents would never even have had to be reported under existing state law if the exposed data had been encrypted.

Some other notable 2012 findings include: An average of 22,500 people were affected in each breach incident, with the retail industry reporting the most data leakage incidents, followed by the finance and insurance sectors. More than half of breaches involved Social Security numbers, and five of the reported breaches involved 100,000 or more individuals.

“Data breaches are a serious threat to individuals' privacy, finances and even personal security,” Harris said in a release. “Companies and government agencies must do more to protect people by protecting data.”

Harris has suggestions too. The big one is data encryption, she said, explaining it should always be used. Yet a recent study found that many companies still eschew encryption.

Another suggestion by Harris is for companies and agencies to train employees and contractors as one part of beefing up overall security in an organization. Some in the IT security industry, however, have declared security awareness training to be a waste of time and money.

Other proposals by Harris include improved readability of breach notices, better access to resources for victims of breaches involving Social Security and driver's license numbers, and the passage of legislation mandating notifications of breaches involving the exposure of online credentials, such as usernames and passwords.

California historically has served as a pioneer in terms of data security and privacy laws. In 2003, with a bill known as SB-1386, it became the first state to require notification to victims following a breach.
