California's Attorney General Releases Security Breach Report
Report: In the last four years, nearly 50 million records of Californians have been breached and the majority of security breaches resulted from security failures
In the past four years, the Attorney General has received reports on 657 data breaches, affecting a total of over 49 million records of Californians. In 2012, there were 131 breaches, involving 2.6 million records of Californians; in 2015, 178 breaches put over 24 million records at risk. This means that nearly three in five Californians were victims of a data breach in 2015 alone.
And nearly every industry is at risk.
The scary thing is that nearly all of these breaches happened more than a year after a solution was made publicly available.
What does that mean? It means that many organizations seem to be taking a lackadaisical approach to their security skills, training, practices, and procedures to properly protect consumers.
According to a report released by California’s Attorney General, many of the breaches reported could have been prevented by taking reasonable security measures.
There’s that ‘could have been prevented if we’d known about it’ thing again!
Organizations that voluntarily choose to collect and retain personal information need to take on a legal obligation to adopt appropriate security controls.
California’s information security statute requires businesses to use “reasonable security procedures and practices… to protect personal information from unauthorized access, destruction, use, modification, or disclosure.”
You don’t have to be a big business to suffer a data breach. Despite having less data than larger businesses, according to the report, small businesses were still a significant breach risk and represented 15% of all breaches reported. They were most susceptible to hacking and malware attacks, but also experienced physical breaches at a greater rate than larger businesses.
Data breach scandals litter the headlines all the time. And in many instances, someone could have spoken up about suspicions they had that could have put a stop to the disaster before it got out of hand.
Companies need to take proactive measures to address their security policies and procedures and ensure that every employee is aware of what the ‘danger signs’ look like and what they can do if they come across something that doesn’t seem right. This includes up-to-date ethics policies on how company data is handled, and whistleblower policies covering where and how to report.