New Attorney General Report Finds that 2.5 Million Californians Put at Risk by Electronic Data Breaches

CALPIRG education Fund

San Francisco, CA — Earlier today, California Attorney General Kamala Harris released a new report detailing the 131 electronic data breaches reported to her office in 2012 that put 2.5 million Californians at risk by exposing their personal information. In a world where data increasingly travels electronically, this is alarming for consumers.

The Attorney General’s report found that 45 percent of these data breaches happened because of company failure to adopt or carry out the needed security measures to safeguard consumer data. In fact, 10 percent of the breaches (13) were caused by insiders — employees, contractors, vendors and customers — who deliberately accessed systems and data without proper authority. Among calling for better training of employees and contractors, the report urges companies to review and tighten their security protocols for personal information.

“Businesses today ask us to trust them with our personal data, but we’re seeing that trust violated too often,” noted Jon Fox, consumer advocate with CALPIRG Education Fund. “These new findings from the Attorney General’s office highlight that companies are not doing enough to encrypt and protect our personal information to prevent criminals from getting their hands on it.”

The new report highlights the real risks consumers face because of negligent data protection measures. Specifically, the Attorney General’s report found that 1.4 million Californians would have been protected if companies had encrypted data when transferring sensitive consumer information out of the company’s network.

The Attorney General’s report found that the retail industry led in 2012 with 34 reported data breaches (26 percent of the total), followed by the finance and insurance industries with 30 (or 23 percent). Not surprisingly, the most common type of information exposed was payment card information in 53 breaches (40 percent), followed by health or medical information in 22 breaches (17 percent). Of particular concern to consumers is how over half of these breaches (56 percent) involved Social Security numbers, which poses the highest risk of serious identity theft.

“As our information is increasingly being transferred over the internet, companies must prioritize keeping our personal data safe,” said Jon Fox, “And good data security requires businesses to invest resources, thought and effort. They shouldn’t be cutting corners and saving money at our expense.”

CALPIRG Education Fund recommends that businesses implement the Fair Information Practice Principles — a set of widely accepted principles for safeguarding individuals’ personal information including:

• Transparency: Inform consumers about how you are using or transmitting user data.
• Necessity: Don’t collect more data than you need.
• User-Control: Give consumers the fullest possible control over how their data is used and with whom it is shared.
• Security: Use reasonable and up-to-date security protocols to safeguard data.

The CALPIRG Education Fund has created an online resource page for those Californians who feel they may have become victims of identity theft, available online at http://calpirg.org/idtheft

END

– ### –

The California Public Interest Research Group (CALPIRG) Education Fund is a results-oriented public interest group that protects consumers, encourages a fair sustainable economy, and fosters responsive democratic governance.