DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Attorney General Kamala D. Harris Releases Report on Data Breaches Reported to State in 2012

Posted on July 2, 2013 by Dissent

I love it when states publicly post the data breach notifications they receive, but California’s Attorney General Kamala Harris just raised the bar for other states by actually analyzing and reporting on the breaches involving California residents. From California’s Attorney her press release:

 Attorney General Kamala D. Harris today released the first report detailing the 131 data breaches reported to her office in 2012, showing that 2.5 million Californians had personal information put at risk through an electronic data breach.

The report found that 1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network.

“Data breaches are a serious threat to individuals’ privacy, finances and even personal security,” Attorney General Harris said. “Companies and government agencies must do more to protect people by protecting data.”

In 2003, California was the first state to pass a law (AB 700, Simitian) mandating data breach notification, which requires businesses and state agencies to notify Californians when their personal information is compromised in security breach. In 2012, companies and state agencies subject to the law were required for the first time to report any breach that involved more than 500 Californians to the Attorney General’s Office. (SB 24, Simitian)

While not required by law, Attorney General Harris is issuing this report that analyses the data breach notices reported in 2012, provides information to the public about those breaches, and makes recommendations to companies, law enforcement agencies, and the legislature about how data security could be improved. Those recommendations include practices that would decrease the number of data breaches, make it easier for consumers to recover from the loss or theft of their personal information, and call for law enforcement agencies to more aggressively target breaches involving unencrypted personal information.

First, companies should encrypt digital personal information when moving or sending it out of their secure network.  In 2012, encryption would have prevented reporting companies and agencies from putting over 1.4 million Californians at risk. The Attorney General’s Office will make it an enforcement priority to investigate breaches involving unencrypted personal information.

In addition, companies should review and tighten their security controls on personal information, including training employees and contractors.

Companies should make the breach notices they send easier to read. The report found that the average reading level of the notices submitted in 2012 was 14th grade, much higher than the average U.S. reading level of 8th grade. Recipients need to be able to understand the notices so that they can take appropriate action to protect their information.

Finally, the report recommends that legislators consider expanding the law to require notification of breaches involving passwords. Attorney General Harris is supporting legislation, SB 46 by Senator Ellen Corbett, which would require notification of a breach involving a user name or email address, in combination with a password or security question and answer that would permit access to an online account.

Additional key findings of the report include:

  • The average (mean) breach incident involved the information of 22,500 individuals. The median breach size was 2,500 affected individuals, with five breaches of 100,000 or more individuals’ personal information.
  • More than 1.4 million Californians would not have been put at risk, and 28 percent of the data breaches would not have required notification, if the data had been encrypted.
  • The retail industry reported the most data breaches in 2012: 34 (26 percent of the total reported breaches), followed by finance and insurance with 30 (23 percent).
  • More than half of the breaches (56 percent) involved Social Security numbers, which pose the greatest risk of the most serious types of identity theft.
  • More than half of the breaches (55 percent) were the result of intentional intrusions by outsiders or by unauthorized insiders. The other 45 percent were largely the result of failures to adopt or carry out appropriate security measures.

Attorney General Harris established the Privacy Enforcement and Protection Unit in 2012 to enforce federal and state privacy laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes California’s Online Privacy Protection Act, as well as laws relating to cyber privacy, health and financial privacy, identity theft, government records and data breaches.

In October 2012, Attorney General Harris announced a settlement with Anthem Blue Cross over allegations the company breached its members’ personal data by failing to protect their Social Security Numbers.

A complete copy of the data breach report and a list of all 131 breaches are attached to the online version of this release at http://oag.ca.gov.

Attachment:
BREACH REPORT 2012.pdf

List of 2012 Breaches.pdf

List of 2012 Breaches by amantz23

Related posts:

  • Attorney General Kamala D. Harris Releases Data Breach Report; 18.5 Million Californians’ Personal Information Put at Risk
  • California Attorney General Releases Data Breach Report; Over 49 Million Records of Californians’ Personal Information Put at Risk in Last Four Years
  • Commentary: Repeated insider breaches at TD Bank should trigger federal regulator investigation (update 1)
  • Widespread Employee Access to Sensitive Files Puts Critical Data at Risk – Survey
Category: Commentaries and AnalysesOf Note

Post navigation

← MA: Medical records discovered in dumpster
AT&T iPad hacker appeals conviction, long sentence →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.