On its face, last week’s report that the number of data breaches reported last year to New York’s Attorney General spiked to an all-time high of 1,583 – up 23 percent from 2016 – was not good news.
But behind the numbers are even more disturbing trends. Start with the fact that hacking – the handy work of outside intruders – was the leading cause of reported breaches last year, accounting for 44 percent of reported breaches. Hacking also accounted for nearly 95 percent of all personal information exposed. In second place was employee error or negligence, which represented 25 percent of last year’s reported breaches.
The report, issued by New York Attorney Eric T. Schneiderman, analyzes the data breaches reported to his office in 2017.
Schneiderman called the increase in data breaches a “problem [that] is only getting worse,” and criticized New York’s current data security law as “outdated and toothless” because it only requires entities to report breaches if they include a combination of personal information, and does not require most companies to maintain reasonable data security safeguards.
“[W]e are becoming more vulnerable,” said Schneiderman, who pushed for the passage of the SHIELD Act, which would require New York businesses to implement and maintain reasonable safeguards to protect sensitive information and report any breaches to the state. As we reported late last year in our two part series, the SHIELD Act was introduced in the wake of the Equifax hack.
Two large incidents drove the breach statistics. The Equifax breach accounted for a staggering 90 percent of the 9.2 million New Yorkers affected in 2017. The April 2017 Gamestop breach was the second-largest, exposing the financial data of 111,000 New Yorkers.
Social security numbers and financial account information, such as credit card numbers, represented 73 percent of the personal information that was exposed in last year’s hacks.