Report discloses 131 data breaches in California last year
07/02/2013 12:00 AM
07/02/2013 10:17 AM
Electronic data breaches put the personal information of 2.5 million Californians at risk in 2012, according to a report released Monday by Attorney General Kamala Harris.
State law requires businesses and government agencies to notify consumers when a data breach might have put their personal information at risk. A bill passed in 2012 also requires companies to report a breach to the attorney general when more than 500 consumers' information has been accessed.
The report's description of 131 breaches of consumer information marks the first time the information has been made available to the public.
California law requires companies to report breaches of information whether the breach was malicious or unintentional.
The report details when each breach occurred and what private information was affected. The list of organizations that experienced data breaches in 2012 includes the California Department of Health Care Services, the state Department of Child Supportive Services, American Express and State Farm Insurance.
The retail industry reported the greatest number of breaches, followed by financial institutions and insurance providers.
"Data breaches are a serious threat to individuals' privacy, finances and even personal security," Harris said in a statement. "Companies and government agencies must do more to protect people by protecting data."
Harris recommended companies use encryption and tighter security measures to protect consumer information in the future. If the companies that reported breaches in 2012 had implemented these measures, Harris said, 1.4 million fewer people would have had their information compromised.
John M. Simpson, director of privacy for Consumer Watchdog, commended Harris for "shining a light" on the problem and disclosing this information to the public voluntarily.
"There's been a philosophy on the part of these companies to keep this all quiet," Simpson said. "To me, the consumer's trust is built when someone says, 'OK, this breach has happened, and these are the steps we are going to take.' If you sweep it under the rug, that's no good for the consumers."
Harris also suggested that companies make the notification letters they send to consumers who have had their personal information accessed easier to understand.
A company must notify its customers if their name and driver's license number, credit or debit card information, bank account, Social Security number, medical information or health insurance information has been put at risk.
AT A GLANCE
The 131 data breaches reported to the attorney general's office for 2012 included half a dozen state agencies.
California Department of Health Care Services
California Department of Corrections and Rehabilitation
Privacy Office, California Correctional Health Care Services
California Department of Social Services
California Department of Justice/CATCH
Department of Child Supportive Services
Call Annalise Mantz, Bee Capitol Bureau, (916) 326-5545.
Editor's Choice Videos
Join the Discussion
Merced Sun-Star is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.