[BreachExchange] New York data breaches rise by 60% due to hacking and insiders

Audrey McNeil audrey at riskbasedsecurity.com
Mon Mar 27 18:45:43 EDT 2017


https://www.scmagazineuk.com/new-york-data-breaches-rise-
by-60-due-to-hacking-and-insiders/article/646415/

New York data breaches have reached new heights according to the state's
Attorney General Eric Schneiderman. Security breaches skyrocketed by 60
percent in 2016.

Firms reported 1,300 breach incidents involving the data of 1.6 million New
York state residents. Hacking was the prime cause, appearing in 40 percent
of reports. Insider breaches followed, constituting 37 percent of breaches.
The remainder compriseda variety of causes including device theft and
‘merchant missteps'.

"Hacking is increasingly prevalent — making it all the more important for
companies and citizens alike to take precautions when sharing and storing
personal data," said Schneiderman. “These breaches too often jeopardise the
financial health of New Yorkers and cost the public and private sectors
billions of dollars.”

The data stolen bythe breaches was not trivial either. In the large
majority of cases, 81 percent, either social security numbers or financial
information was taken.

New York firms have been required to report breaches since 2005, after the
Information Security Breach and Notification Act was enacted. The last time
data was released on the reporting mechanism was 2014. The disclosure
revealed that over eight years of records, the data of nearly 23 million
residents had been compromised.

That included 28 so called “mega breaches” between 2006 and 2014. 2016 only
witnessed two such breaches, but both were larger and exposed far more
information. The breach on Newkirk products exposed the data of 700,000 and
another at HSBC revealed the information of 250,000. These two breaches
alone made up the majority of 2016's 1.6 million victims.

When EU GDPR comes into force next year all companies holding data on EU
citizens will be required to report breaches, enabling comparisons to be
made between the level of breaches experienced in different locations.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170327/34758e80/attachment.html>


More information about the BreachExchange mailing list