Attorney General Kamala Harris released a report – California Data Breach Report 2012-2015 – detailing four years’ worth of data breaches her office has seen. From 2012 to 2015, 657 data breaches were reported to the Attorney General’s Office, totaling more than 49 million records of compromised personal information.
Attorney General Harris states in the report, “California is leading the nation with measures to prevent data breaches, but we can do better. This report clearly articulates basic steps that businesses and organizations must take to comply with the law, reduce data breaches, and better protect the public and our national security.”
The report provides details about the common types of data compromised, the industry sectors most susceptible to a breach, and recommendations to reduce the risk of a data breach.
Types of Data
The top three types of data compromised over the past four years:
- Social Security numbers
- Payment card data
- Medical information
The following industry sectors accounted for the most breaches over the past four years:
- Retail sector – 24% of breaches & 42% of records breached
- Financial sector – 18% of breaches & 26% of records breached
- Healthcare sector – 16% of breaches
- Small businesses – 15% of breaches
The Attorney General’s report made the following recommendations to help organizations comply with state law and reduce the likelihood of a data breach:
- Controls: Adopt the Center for Internet Security’s Critical Security Controls as the start of a comprehensive information security program.
- Multi-Factor Authentication: Make multi-factor authentication available on consumer-facing online accounts that contain sensitive personal information.
- Encryption: Consistently use strong encryption to protect personal information on laptops and other portable devices, and consider using it for desktop computers as well.
- Fraud Alert: Encourage individuals affected by a breach of Social Security numbers or driver’s license numbers to place a fraud alert on their credit files and highlight this in breach notices.