ALM Properties, Inc.
Page printed from: Corporate Counsel
Select 'Print' in your browser menu to print this document.
Report Details Data Breaches in California
The personal information of 2.5 million Californians was compromised by 131 electronic data breaches in 2012, according to a report released Monday by the office of Attorney General Kamala Harris.
In 56 percent of the cases, customers' Social Security numbers were exposed. The retail industry reported the largest number of breaches with 34 while finance and insurance companies trailed close behind with 30.
California law requires state agencies and businesses to alert customers when their personal information is exposed. And starting in 2012, those agencies and businesses were forced to start notifying the attorney general's office as well.
The notoriety surrounding data breaches and thefts has led to a boom in sales of so-called cyberinsurance, which offers protection beyond a company's typical theft coverage, said Pillsbury Winthrop Shaw Pittman partner Vincent Morgan.
With potentially enormous costs associated with investigating and stopping a breach, notifying customers and settling third-party liability issues, cyberinsurance "is no longer a niche product," Morgan said.
Valve Corp., an online game software corporation, reported one of the biggest intrusions last year. Online hackers gained access to the Social Security numbers and payment card information of 509,000 people, according to the AG's office.
Not every breach was caused by a hacker or resulted in identity theft. And many of the protection failures were unintentional — someone misdirected an email or lost a computer storage device, according to the report.
Whatever the cause of the data intrusions, more than half of the 2.5 million consumers could have been protected if their information had been encrypted, the attorney general said.
"It is my strong recommendation that companies and agencies implement encryption as a basic protection and reasonable security measure to help them meet their obligation to safeguard personal information entrusted to them," Harris said in a prepared statement.
This article originally appeared in The Recorder.