New York data breaches hit all-time high as 1.6mn users’ records exposed

New York data breaches hit all-time high as 1.6mn users’ records exposed
Nearly 1,300 data breaches were reported in 2016 to the New York Attorney General's Office, a new record and a 60 percent increase from 2015. The breaches exposed personal information of 1.6 million New Yorkers, a threefold increase from 2015.

The purloined information "consisted overwhelmingly" of Social Security numbers and financial account data, the New York Attorney General's Office reported Tuesday.

Hacking and "inadvertent disclosure" were the two leading causes of data exposure, the office said.

"Hacking is increasingly prevalent – making it all the more important for companies and citizens alike to take precaution when sharing and storing personal data," New York Attorney General Eric Schneiderman said.

Hacking was responsible for more than 40 percent of data security breaches, the report says, while "employee negligence" – consisting of inadvertent disclosures, insider wrongdoing and loss of device or media – made up 37 percent of data breaches.

In all, more than 3.1 million individual records of New Yorkers were exposed in 2016, the report said.

Social Security numbers and financial data accounted for a combined 81 percent of breached content, while driver's licenses, dates of birth and password/account information each represented 8 percent or less of breaches.

The New York Attorney General's office began collecting data on personal record exposures in 2005.

Despite upward trends of data breaches in New York, only two major breaches were reported to the attorney general's office; one involved the exposure of personal health information of 761,782 people, while the other exposed financial, personal and Social Security information of 251,201 people.

From 2006 to 2013, 28 "mega-breaches" have been reported to the attorney general's office.

"No organization is exempt from the risk of a data breach. Data exposure can occur at small family businesses, government agencies, and large multinational corporations," the New York Attorney General Office said.

Schneiderman's office offered a series of steps for businesses to guard against data breaches, including the minimization of data collection practices, security plans that include encryption and immediate notification of breaches to authorities and those affected. For individuals, the office said close monitoring of financial data, smart social media use and the creation of strong, frequently-updated passwords can guard against threats.

One example of "inadvertent disclosure" outside of New York occurred earlier this month, when security researchers found "gigabytes of files" left accessible online by an US Air Force official that contained personal or sensitive information on more than 4,000 officers.