New York firms have been required to report breaches under state law since 2005
New York firms have been required to report breaches under state law since 2005

New York data breaches have reached new heights according to the state's Attorney General Eric Schneiderman. Security breaches skyrocketed by 60 percent in 2016.

Firms reported 1,300 breach incidents involving the data of 1.6 million New York state residents. Hacking was the prime cause, appearing in 40 percent of reports. Insider breaches followed, constituting 37 percent of breaches. The remainder compriseda variety of causes including device theft and ‘merchant missteps'.

"Hacking is increasingly prevalent — making it all the more important for companies and citizens alike to take precautions when sharing and storing personal data," said Schneiderman. “These breaches too often jeopardise the financial health of New Yorkers and cost the public and private sectors billions of dollars.”

The data stolen bythe breaches was not trivial either. In the large majority of cases, 81 percent, either social security numbers or financial information was taken.

New York firms have been required to report breaches since 2005, after the Information Security Breach and Notification Act was enacted. The last time data was released on the reporting mechanism was 2014. The disclosure revealed that over eight years of records, the data of nearly 23 million residents had been compromised.

That included 28 so called “mega breaches” between 2006 and 2014. 2016 only witnessed two such breaches, but both were larger and exposed far more information. The breach on Newkirk products exposed the data of 700,000 and another at HSBC revealed the information of 250,000. These two breaches alone made up the majority of 2016's 1.6 million victims.

When EU GDPR comes into force next year all companies holding data on EU citizens will be required to report breaches, enabling comparisons to be made between the level of breaches experienced in different locations.