The number of reported data breaches in California shot up by 28 percent, from 131 in 2012 to 167 last year, according to a report released Tuesday by California Attorney General Kamala Harris.
It found that the records of 18.5 million Californians were affected by breaches last year. That's a 600 percent increase from the year before, though the numbers are skewed by two massive incidents involving Target and LivingSocial, which put the personal information of more than 7.5 million California residents at risk. Without those breaches, the number of records affected would have been 3.5 million, a more modest 35 percent increase over 2012.
This is the second year Harris has released information about data breaches, after a 2012 amendment required companies to report to her office any breach involving more than 500 Californians.
The Attorney General's office got reports of breaches from 136 different entities. Six reported more than one incident, including American Express with 21 breaches and Discover Financial Services with seven. (Both companies blamed the credit card processor)
The most frequently stolen and lucrative data for thieves are social security numbers, which accounted for nearly half of incidents last year. The next most popular target is credit or debit card numbers (38 percent of incidents), followed by medical information (19 percent of incidents).
In other findings from the report:
- Retail breaches affected 15.4 million records of Californians, 84 percent of the total
records breached in 2013.
- More than half of the 2013 breaches (53 percent) were caused by computer intrusions
(malware and hacking). The remaining breaches resulted from physical loss or theft of
laptops or other devices containing unencrypted personal information (26 percent),
unintentional errors (18 percent) and intentional misuse by insiders (four percent).
- In 2012-2013, 84 percent of retail industry breaches were the result of malware and
hacking, distinguishing the sector from all others, where 36 percent of breaches were
of this type.
- In 2012-2013, the majority of breaches in the health care sector (70 percent) were
caused by lost or stolen hardware or portable media containing unencrypted data, in
contrast to just 19 percent of such breaches in other sectors.
“Data breaches pose a serious threat to the privacy, finances and personal security of California consumers,” Attorney General Harris said in a statement. “The fight against these kind of cybercrimes requires the use of innovative strategies by government and the private sector to protect our state’s consumers and businesses. I strongly encourage more use of encryption to significantly reduce the risk of data breaches.”