More than 49M Californians data breached over last four years — state AG
SACRAMENTO, Calif. — The records of more than 49 million Californians have been subject to a breach in the last four years, according to a new report released Tuesday by state Attorney General Kamala Harris.
And the count has been rapidly rising, according to Harris. The number of Californians affected by a breach jumped “exponentially” from 4.3 million in 2014 to over 24 million in 2015, she said while unveiling the report at an event hosted by Stanford University.
In all, California been hit by 178 data breaches over the past year, Harris said — and as many as three in five Californians may have been victims of a data breach in 2015 alone. Retailers, financial and health care companies were the most frequently affected, with Social Security numbers, health records and credit card information most at risk, according to the report.
Malware and hacking presented the greatest threat and were often unreported for up to 12 months after a patch was created and launched, the report found.
Harris, who is running to succeed retiring Democratic U.S. Sen. Barbara Boxer, said the widespread use of smartphones and other connected devices means more personal data is being collected. That becomes lucrative target for sophisticated hackers, she said.
The report comes after a 2012 law requiring companies to report hacks affecting more than 500 Californians to the state Department of Justice.
In the report, Harris’ office offered several recommendations, including that organizations adopt the 20 Center for Internet Security’s Critical Security Controls, a minimum level of information security standards. Organizations should also encrypt personal information accessed on laptops and other devices and consider using it for desktop computers as well.
Meanwhile, it also encouraged state lawmakers to streamline laws concerning breaches.
“That’s the floor, not the ceiling, that’s the minimum, that’s the baseline of what they can do. There are a set of federal and state statutory requirements and then just industry practices that mandate what these organizations can do to ensure reasonable privacy standards,” Harris said.
She said one goal of the recommendations was the safeguard citizens’ privacy.
“We explicitly in our Constitution outline privacy as an inalienable right,” Harris said.
