NY Attorney General Reports 7.3 Million Records Exposed in 2013

By Annie Wu, Epoch Times

An alarming increase in data security breaches is costing New Yorkers billions of dollars, State Attorney General Eric T. Schneiderman warned in a report released Tuesday.

In 2013 alone, 7.3 million records from New Yorkers were exposed. Last year, breaches against organizations doing business in New York state cost over $1.37 billion.

Many New Yorkers were affected by the hacking attacks on retailer company, Target, and the e-commerce website, Living Social, last year, according to the report. Across the country, millions of customers who used their credit and debit cards at Target had their information stolen; while users of Living Social had their names, email addresses, and passwords exposed.

An analysis by the attorney general’s office revealed that the number of reported data breaches more than tripled between 2006 and 2013. In that seven-year period, 22.8 billion personal records from New Yorkers were exposed in roughly 5,000 instances of data breaches.

Nearly 40 percent of all breaches were due to hacking, making it the No. 1 cause of data breaches. The next top causes of the breaches were lost or stolen documents and equipment, insider wrongdoing, and inadvertently exposing one’s data by mistake.

The report also showed that retailers, financial services, and health care providers were the industries most vulnerable to data breaches. The health care industry, for example, exposed the highest number of personal records from New Yorkers since 2006, at over 1 million records.

The attorney general’s office noted that actual numbers may be higher than what is reported, because some companies don’t have accurate calculations on how many records have been compromised. Others, like the online shoe and clothing company, Zappos, did not report details of its 2011 data breach to the attorney general’s office because the breach did not expose customers’ full credit card or social security numbers, which under the state’s laws means notification would not be required.

The attorney general gave recommendations on how to protect one’s information, such as using encryption, creating different passwords for different accounts, and avoiding posting sensitive information on social media.

Follow Annie on Twitter: @annieeenyc