Anthony told the Boston Herald newspaper that the state has received around 2,200 data breach notification letters from companies and agencies reporting lost or stolen personal information since the law was enacted, affecting around five million state residents.
“We get about 50 [letters] a month. Our reporting law is very stringent. Even if it’s one credit card that’s been lost, the company has to report it to us”, Anthony told the newspaper.
Data breaches in the state range from the relatively innocuous to major events, as illustrated by two incidents in May of this year.
Belmont Savings Bank reported that a back-up computer tape containing the personal information of 13,380 customers accidentally fell in the trash, but it was determined that the tape was incinerated “in the ordinary course” of disposal.
The state's Executive Office of Labor and Workforce announced a virus had infected 1,500 computers at the agency’s offices and career centers, putting as many as 210,000 unemployed residents’ data at risk.
The Massachusetts Attorney General’s office investigates serious data breaches, while Anthony’s office compiles data breach reports and educates consumers and businesses about security risks.
“If you’re storing a lot of sensitive information, you need to take very strong steps to secure that information. If you don’t, and you have a breach, there are going to be problems”, Anthony concluded.