Hackers hit data of 18.5M Californians in mostly retail breaches


There is a continuing increase in massive data breaches over the past few years and that reportedly won't change anytime soon.

In California alone there were 167 data breaches last year, which is 28 percent higher than the 131 data breaches the year prior.

"We are increasingly adopting technology that is putting our data in systems that are ripe for penetration," said Kamala D. Harris, California's attorney general. "We have not sufficiently inoculated ourselves. The bad guys have figured out where the vulnerabilities are and learned there is much to be profited and gained from exploiting them."

Harris continued to say that in the first 10 months of 2014, data breaches are up 30 percent from 2013.

Most of the data breaches that occurred last year, in fact 53 percent of them, were intentionally done by hackers, with 26 percent being attributed to the loss of a computer or other device. This proves what many already knew - much more information can be stolen through hacking than through the loss of a device.

In total, 18.5 million Californian residents were victim of data breaches last year, according to the report. The biggest target for hackers last year was the retail industry, with retail breaches affecting 15.4 million records of California residents. This was 84 percent of the records compromised. The second most popular target was companies in the financial sector, making up 20 percent of breaches. Next were health care companies, comprising 15 percent of all data breaches.

The type of data that was being stolen was also revealed. Social Security numbers were the most frequently stolen pieces of data in 2013, which is unsurprising considering how much they can sell for on the black market. They sell for more than debit card information, largely because the amount of fraud from Social Security numbers is much higher than that from stolen payment information.

Most of the data breaches that were reported in California involved hackers from other countries.

"Increasingly, highly sophisticated criminal organizations and state-sponsored entities - located as far away as Russia, China and Eastern Europe - are responsible for breaches," continued Harris.

The report continues to say that retailers should use stronger encryption and should begin migrating to payment systems that use tokenized data instead of actual card data. This would mean that payment information stolen from an institution would not be usable to make future payments or counterfeit stolen cards. These kinds of payments systems have begun popping up, with the payment industry setting a soft deadline of October 2015 for new rules about fraud liability to take effect. Under these new rules, companies that have data breached could be help accountable for fraudulent charges.

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics