Californian Data Breach Victims Soar 600% in 2013

Written by

California’s attorney general has urged the state’s retailers to implement chip-enabled point-of-sale (POS) systems, encryption and other technologies after data breaches rose 28% from 2012 to 2013.

Kamala Harris made the calls in this year’s California Data Breach Report, claiming that retailers accounted for the majority of breach incidents – mainly thanks to two major breaches affecting over 90 million customers of Target and LivingSocial.

She added:

“With the world’s eighth largest economy and more than 38 million consumers, California is uniquely impacted by data breaches. In 2012, 17% of the data breaches recorded in the United States took place in California – more than any other state. Even more troubling, the number of reported breaches in California increased by 28% in 2013.”

While the number of breaches increased from 131 in 2012 to 167 last year, the actual number of records involved soared by a staggering 600% during the period to reach over 18.5 million, the report claimed.

The retail sector accounted for the biggest number (26%) followed by finance and insurance (20%) and healthcare (15%).

More than half of 2013’s breaches were caused by malware and hacking (53%), with the remainder a result of physical loss or theft of storage and computing devices containing unencrypted data (26%), unintentional misuse (18%) and deliberate misuse by insiders (4%).

Unlike other sectors, the vast majority of incidents in the retail sector came as a result of malware and hacking (84%). Only 36% of breaches elsewhere were of this type, the report revealed.

The Golden State was the first in the US to pass mandatory data breach notification laws in 2003 and since 2012 organizations suffering a breach involving over 500 Californians have been forced to notify the attorney general.

However, more needs to be done to fight the scourge of online data theft, said Harris.

Amongst her recommendations were that retailers accelerate POS replacement programs to enable chip and PIN; end-to-end data encryption for card transactions; tokenization for online and mobile payments; and improved notification systems for customers.

What’s hot on Infosecurity Magazine?