A new report this week from Attorney General Kamala Harris presents some alarming figures about data breaches in California since 2012.
"In the last four years, nearly 50 million records of Californians have been breached and the majority of these breaches resulted from security failures. Furthermore, nearly all of the exploited vulnerabilities, which enabled these breaches, were compromised more than a year after the solution to patch the vulnerability was publicly available. It is clear that many organizations need to sharpen their security skills, trainings, practices, and procedures to properly protect consumers," Harris writes in the California Data Breach Report, available online here.
Since 2012, businesses and government agencies have been required to report data breaches affecting more than 500 Californians to the Attorney General's Office. More than 650 breach incidents have been sent in during the past four years.
The annual comprehensive report notes that the total number of breaches did not increase between 2014 and 2015, but the number of Californians affected increased from 4.3 million in 2014 to over 24 million in 2015.
"In 2015, there were four incidents that each breached the information of over two million Californians: Anthem at 10.4 million was the largest, followed by UCLA Health at 4.5 million, next was PNI Digital Media with 2.7 million Californian customers of online photo centers (Costco, RiteAid, and CVS) that it services, and finally, T-Mobile/Experian at 2.1 million," the report says.
The breaches come from malware and hacking, physical breaches and breaches caused by errors, according to the attorney general. About 90 percent of the breached records in California came from malware and hacking, which the report called the "greatest threat."
Social Security numbers were the type of data most often breached, occurring in nearly half of all breaches reported since 2012.
