California law would require breach notice if online account information is stolen

Share this article:

The state Senate in California unanimously has passed a law that would require organizations that are breached to alert victims when intruders access online account information belonging to consumers.

Existing state law only requires notification when unauthorized individuals obtain "unencrypted Social Security numbers, driver's license numbers, medical information, health insurance information and specific financial account information, such as credit card numbers with security codes," according to Senate Majority Leader Ellen Corbett, who introduced the measure.

The new legislation, passed last week, would amend the definition of "personal information" under the state's breach notification law to also include "a username or email address, in combination with a password or security question and answer that would permit access to an online account."

Many consumers use the same login information across several websites, so theft of this data from one entity could allow fraudsters to potentially raid other accounts, such as online banking. According to documents chronicling the bill's history, it appears the flurry of mega password breaches this year, affecting companies like Yahoo and LinkedIn, prompted the update to the breach notification law.

“Cyber criminals are becoming increasingly savvy, particularly now that more individuals are using laptops, smartphones and even tablets to conduct personal business and shop online," Corbett said in a statement. "It is critical that consumers are informed whenever their information is accessed or stolen to minimize potential theft and damages."

The bill, dubbed SB-46, now makes its way to the state Assembly.

In 2003, California was the first state to enact a data breach notification law. Since then, nearly all other states have followed suit. There is no federal law, though there are national notification guidelines related to health care breaches.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Tinba variant aimed at U.S., international banks

Tinba variant aimed at U.S., international banks

Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.

Adobe makes delayed updates for Reader, Acrobat available

The Reader and Acrobat fixes were delayed a week due to issues found during testing.

Nigerian police search for ringleader in major bank heist

The suspect, Godswill Oyegwa Uyoyou, conspired with others to hack bank systems and divert 6.28 billion Naira to mule accounts.