Data Breaches Meet Record High, Millions of New Yorkers Exposed
"Breaches too often jeopardize the financial health of New Yorkers and cost the public and private sectors billions of dollars." - Attorney General Eric T. Schneiderman
On Tuesday Attorney General Eric T. Schneiderman announced that his office had received a record breaking number of data breaches for the year 2016. The reported data breaches of 1,300 in 2016 displayed a 60% increase from the previous year along with 1.6 million records of New Yorkers being exposed representing a threefold increase.
“In 2016, New Yorkers were the victims of one of the highest data exposure rates in our state’s history,” said Attorney General Schneiderman. “The total annual number of reported security breaches increased by 60% and the number of exposed personal records tripled. Hacking is increasingly prevalent – making it all the more important for companies and citizens alike to take precaution when sharing and storing personal data. It’s on all of us to guard against those who try to use our personal information for harm – as these breaches too often jeopardize the financial health of New Yorkers and cost the public and private sectors billions of dollars.”
Although hacking represents a large portion of breaches, employee negligence also ranks as a top cause. In 2016 40% of breaches were due to hacking while 37% of the combined incidents due to employee negligence almost tied. In a analysis conducted by the office of the Attorney General the stolen information mainly consisted of social security numbers and financial information. Combined they represented 81% of breaches in New York.
"As part of New York General Business Law Section § 899-aa, entities that experience a breach must notify the OAG, among other entities, and the individuals immediately affected, without unreasonable delay. Entities that suffered a breach exhibited the greatest delay in notification in March. While the difference in shortest and longest amount of time for entities to notify the OAG and consumers is extreme, between one day and several months, the average delays decreased throughout the year" the office of Attorney General informed the public.
"No organization is exempt from the risk of a data breach. Data exposure can occur at small family businesses, government agencies, and large multinational corporations."
The Attorney General’s Office suggests that consumers guard against threats in the following ways:
Create Strong Passwords for Online Accounts and Update Them Frequently. Use different passwords for different accounts, especially for websites where you have disseminated sensitive information, such as credit card or Social Security numbers.
Carefully Monitor Credit Card and Debit Card Statements Each Month. If you find any abnormal transactions, contact your bank or credit card agency immediately.
Do Not Write Down or Store Passwords Electronically. If you do, be extremely careful of where you store passwords. Be aware that any passwords stored electronically (such as in a word processing document or cell phone’s notepad) can be easily stolen and provide fraudsters with one-stop shopping for all your sensitive information. If you hand-write passwords, do not store them in plain sight.
Do Not Post Any Sensitive Information on Social Media. Information such as birthdays, addresses, and phone numbers can be used by fraudsters to authenticate account information. Practice data minimization techniques. Don’t overshare.
Always Be Aware of the Current Threat Landscape. Stay up to date on media reports of data security breaches and consumer advisories.