California data breach study indicates lack of encryption

A recent study by the California attorney general indicates that 2.5 million residents of the Golden State had their personal information exposed in the 131 online data breaches reported to her office in 2012.

But more than half of these incidents were easily avoidable.

Attorney General Kamala Harris released a report this month in which she reveals that 1.4 million California residents affected by breaches in 2012 would have been just fine had companies encrypted their data. In fact, the incidents would never even have had to be reported under existing state law if the exposed data had been encrypted.

Some other notable 2012 findings include: An average of 22,500 people were affected in each breach incident, with the retail industry reporting the most data leakage incidents, followed by the finance and insurance sectors. More than half of breaches involved Social Security numbers, and five of the reported breaches involved 100,000 or more individuals.

“Data breaches are a serious threat to individuals' privacy, finances and even personal security,” Harris said in a release. “Companies and government agencies must do more to protect people by protecting data.”

Harris has suggestions too. The big one is data encryption, she said, explaining it should always be used. Yet a recent study found that many companies still eschew encryption.

Another suggestion by Harris is for companies and agencies to train employees and contractors as one part of beefing up overall security in an organization. Some in the IT security industry, however, have declared security awareness training to be a waste of time and money.

Other proposals by Harris include improved readability of breach notices, better access to resources for victims of breaches involving Social Security and driver's license numbers, and the passage of legislation mandating notifications of breaches involving the exposure of online credentials, such as usernames and passwords.

California historically has served as a pioneer in terms of data security and privacy laws. In 2003, with a bill known as SB-1386, it became the first state to require notification to victims following a breach.
