California Releases First Data Breach Report

The State of California just released its first data-breach report for 2012 last week. Some of the report’s key findings include:

• Reports of 131 data breaches affecting more than 500 Californians.
• The breaches exposed 2.5 million Californians’ personal data.
• More than half of the breaches (56 percent) involved Social Security numbers.
• The use of encryption could have protected 1.4 million Californians’ data.

Yet, one of the most striking quotes was that “more than half of the breaches (55 percent) were the result of intentional intrusions by outsiders or by unauthorized insiders. The other 45 percent were largely the result of failures to adopt or carry out appropriate security measures.”

That says to me that breaches are all about people—whether they are social engineers or hackers intent on fraud, or regular hard-working employees who aren’t adequately protecting the information they access.

In either case, it’s obvious that California can’t really blame the computers. These breaches are a people problem, and can also be solved with people—people who are adequately trained to ward off hackers and social engineers and take steps to safeguard data or devices that contain sensitive information.

California Attorney General Kamala D. Harris opened the report by reminding readers of California’s strong consumer privacy laws and required data breach notification. If our “strongest” state still has data leaks to plug, then I wonder how the other 49 are faring.

http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/2012data_breach_rpt.pdf