Failure to Encrypt Data Still Poses Major Threat

The information gathered as a result of California’s enhanced data breach law was released by the state attorney general’s office on July 1.  The report states there were 131 data breaches reported to the attorney general’s office in 2012 and those breaches exposed the personal information of 2.5 Million residents of California.  Additional findings:

  • Thirty-six of the breaches involved unencrypted personal information.  Over half of the people whose personal information was exposed would not have been at risk if their data had been encrypted.  Additionally, more than half of the exposed personal information involved social security numbers.  
  • The industries reporting the most breaches to the attorney general’s office included retail and finance and insurance. 
  • The breaches were primarily caused by unauthorized access by outsiders or insiders of the organization.  Breaches were also caused by loss of media containing content and misdirected emails and unintentionally posting personal information on a website. 

The attorney general made several recommendations based on the results including making encryption an enforcement priority and requiring notification when usernames/passwords are exposed.