A record 1.6 million New Yorkers were affected by data breaches in 2016, according to a March 21 press release issued by State Attorney General Eric Schneiderman. The number of people impacted by data breaches in 2016 represents nearly a threefold increase over 2015 numbers; likewise, the 1,300 data breaches reported to the attorney general’s office in 2016 represent a 60% increase over the prior year.
The attorney general’s office stated that hacking and inadvertent disclosure were the two leading causes of data security breaches in 2016. According to the attorney general’s statement, hacking accounted for 40% of data security breaches. Employee negligence, which the attorney general’s office says consists of a combination of “inadvertent exposure of records, insider wrongdoing, and the loss of a device or media,” accounted for nearly 37% of all data breaches in the state. Social Security numbers and financial account information together accounted for 81% of the information acquired through data breaches in New York. Driver’s license numbers (8%), date of birth (7%) and password/account information (2%) were the next most popular pieces of personal information obtained in breaches.
Although 2016 saw a record number of breaches, the attorney general’s report noted that only two “mega-breaches” figured among them, compared to 28 between 2006 and 2013. The attorney general’s office first began collecting information regarding exposure of personal data in 2005 when New York State Business Law was amended to require all businesses to report security breaches of their computerized data systems containing private consumer information. The state estimates that security breaches cost the public and private sectors billions of dollars each year.