Examining the 657 breaches that have been self-reported to California between 2012 and 2015, California Attorney General Kamala Harris has issued a report that summarizes the types of breaches that have occurred and provides suggestions about what companies can do to potentially avoid incidents.

According to the report, malware and hacking have resulted in the largest number of breaches—and the largest number of individuals impacted. Leading the pack in the type of data impacted was social security numbers and medical information. In terms of industry share, the retail sector reported the largest number of breaches to California (25% of breaches and 42% of the records breached).

Based on the findings, Harris recommended, among other things, that companies “make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information,” that they use strong encryption for portable devices, and that they encourage individuals impacted by a breach to get fraud alerts. The report also recommended harmonization of state breach notice laws.

TIP: The report suggests that those in the retail sector who have not yet suffered a breach may see one in the future. It also gives an idea of what state regulators might expect from companies with respect to security measures the companies have in place.