The California Data Breach Report has revealed that 18.5 million Californians had their data stolen in 2013.
The data breach report, now in its second iteration, detailed the 167 data breaches that occurred in 2013.
The figure of 18.5 million records is a whopping 600% increase on 2012’s 2.5 million. In California’s defense, it’s worth noting that much of this increase is due to the Target and LivingSocial breaches, each of which exposed approximately 7.5 million Californians’ personal data. If you were to deduct those two breaches, however, there would still be a 35% increase over 2012 (3.5 million).
There was also an increase in the number of data breaches. In 2012 there were 131 breaches, and in 2013 there were 167 – a 28% increase.
California was the first state in America to introduce a data breach notification law in 2002 and has since paved the way for other laws throughout the US.
California Attorney General Kamala Harris told the New York Times, “We are increasingly adopting technology that is putting our data in systems that are ripe for penetration. We have not sufficiently inoculated ourselves. The bad guys have figured out where the vulnerabilities are and learned there is much to be profited and gained from exploiting them.”
Data breaches caused by malware or hacking were responsible for 93% of all compromised records, showing just how bad cyber crime is.
It gets worse. The 2014 Cost of Cyber Crime Study states that the annualized cost of cyber crime in the US is $12.7 million per organization.
“I strongly encourage more use of encryption to significantly reduce the risk of data breaches,” Harris said. I agree with Harris; however, it’s vital that organizations don’t encrypt their data and then adopt the attitude of “it doesn’t matter if our data is stolen, it’s encrypted”.
Encrypting your data isn’t going to protect you from cyber criminals; it’s just going to delay them. If you want to be protected against cyber crime, then you need an information security regime that encompasses your entire organization. Download one of our many ISO 27001 green papers, and you’ll understand what I’m talking about.