California Reports 49 Million Records Breached in Four Years

Back Bloomberg Feb 19, 2016 By Joel Rosenblatt

More than 49 million personal information records of California residents were compromised in 657 data breaches from 2012 to 2015, state Attorney General Kamala Harris said in a report citing tips on how people and businesses can protect themselves.

Harris issued the report Tuesday as she spoke on the subject at a conference at Stanford University. The retail sector accounted for 24 percent of companies whose data was breached, while 18 percent of intrusions were reported by financial firms, according to the report. Social Security numbers, payment card data and medical information were the top three types of data stolen over the past four years, according to Harris.

Harris, a Democrat running to succeed U.S. Senator Barbara Boxer, issued the report as data breaches worldwide mount. Hacks have been reported in the last three years at Home Depot Inc., JPMorgan Chase & Co., EBay Inc., health insurer Anthem Inc., and VTech Holdings Ltd. of Hong Kong. Target Corp. has agreed to pay about $39 million to banks and credit unions to resolve losses from a 2013 holiday-season data breach.

Following the large retailer breaches in 2013, Harris’s office encouraged quick adoption of more highly secured, chip- enabled, or EMV, payment cards, according to the report. Unlike magnetic stripe cards, which can be used to create counterfeit credit cards, EMV creates a one-time code for each transaction.

While 98 percent of payment cards issued by banks in the U.S. now contain chips, “retailers have more work to do in upgrading their terminals to accept” such cards, with a full transition to EMV not expected until the end of 2017, according to the report.

To combat breaches, the report suggests organizations adopt security controls outlined by the Center for Internet Security, which says it relies on government and industry partnerships to arrive at best practices. Other recommendations include making multi-factor authentication available on consumer accounts and using strong encryption to protect personal information on laptops and portable devices.