Photo Courtesy of the Attorney General’s Office
Attorney General Schneiderman noted that data breaches can drive down credit scores and destroy financial lives.
By Forum Staff
Companies and other entities reported 1,583 data breaches to State Attorney General Eric Schneiderman’s office last year, exposing the personal records of 9.2 million New Yorkers – quadruple the number of people impacted in 2016, according to a recently released report by Schneiderman.
As detailed in “Information Exposed: 2017 Data Breaches in New York State,” New Yorkers’ exposed information consisted overwhelmingly of social security numbers, accounting for 40 percent records exposed, followed by financial account information (such as credit card numbers), accounting for 33 percent of records exposed.
Hacking was the leading cause of the data security breaches at 44 percent, with another 25 percent of breaches due to negligence. Last year saw an increase of more than 23 percent in the total number of reported security breaches affecting New York residents from the previous year, and the number of New Yorkers who had their records exposed more than quadrupled from 2016, increasing by 7,691,025, largely due to the Equifax breach, which compromised the social security numbers of over 145 million people in the United States, including 8,447,840 in New York. The other Empire State mega-breach (a breach that affects over 100,000 New Yorkers) of 2017 was at GameStop. Discovered by the company on April 18, the hack exposed the financial information of more than 111,000 New Yorkers.
In 2017, the exposure rate of New Yorkers’ personal information was the highest since NYAG started receiving data breach notices in 2006, Schneiderman noted.
“Data breaches can cause personal crises for New Yorkers every time they happen – driving down credit scores and destroying financial lives,” Schneiderman said. “We saw a record number of data breaches in 2017, jeopardizing the personal information of 9.2 million New Yorkers. My office will continue to hold companies accountable for protecting the personal information they manage – but it’s also time for Albany to bring our laws into the 21st century and ensure that New Yorkers are not needlessly victimized by weak data security and criminal hackers.”
The attorney general cited his Stop Hacks and Improve Electronic Data Security Act, which he introduced last fall. According to Schneiderman, under the SHIELD Act, companies would have a legal responsibility to adopt “reasonable” administrative, technical, and physical safeguards for sensitive data; the bill also would expand the types of data that trigger reporting requirements.
The AG has also pledged to introduce legislation to require Facebook and other social media sites to notify his office and New York consumers when they learn that users’ personal data was obtained and misused in violation of the law or the platform’s terms of service.
Schneiderman suggested that consumers guard against threats:
• Create Strong Passwords for Online Accounts and Update Them Frequently: Use different passwords for different accounts, especially for websites where you have disseminated sensitive information, such as credit card or Social Security numbers.
• Carefully Monitor Credit Card and Debit Card Statements Each Month: If you find any abnormal transactions, contact your bank or credit card agency immediately.
• Do Not Write Down or Store Passwords Electronically: If you do, be extremely careful of where you store passwords. Be aware that any passwords stored electronically (such as in a word processing document or cell phone’s notepad) can be easily stolen. If you hand-write passwords, do not store them in plain sight.
• Do Not Post Any Sensitive Information on Social Media: Don’t overshare. Information such as birthdays, addresses, and phone numbers can be used to authenticate account information.
• Always Be Aware of the Current Threat Landscape: Stay up to date on media reports of data security breaches and consumer advisories.
