Content, Breach, Content

New York Attorney General: 9.2M Personal Records Exposed in 2017

Approximately 9.2 million New York business and consumer records were exposed in 2017, according to a New York State Office of the Attorney General (NYAG) report. This figure represents quadruple the number of New York business and consumer records compromised in 2016.

Other notable NYAG report findings included:

  • New York organizations reported 1,583 data breaches to NYAG last year.
  • Hacking accounted for 94 percent of all personal information exposed, due in large part to the Equifax data breach.
  • Hacking (44 percent) was the leading cause of data breaches reported to NYAG, followed by negligence (25 percent).
  • Compromised records included New Yorkers' Social Security numbers (40 percent of records exposed) and financial account information (33 percent of records exposed).
  • The exposure rate of New Yorkers' personal information last year was the highest since NYAG started receiving data breach notices in 2006.

New York Cybersecurity Strategy

NYAG is taking steps to safeguard New York businesses and consumers against data breaches.

The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) was introduced in the New York State Assembly in November and would require New York companies to adopt "reasonable" administrative, technical and physical safeguards for sensitive data, NYAG noted. It also would expand the types of data that trigger reporting requirements.

Current legislation requires any person or commercial entity conducting business in New York to report a data security breach involving "private information" to NYAG and other state agencies. Furthermore, New York government agencies are required to report breaches of private information.

How Can Businesses and Consumers Protect Their Sensitive Information?

NYAG offered recommendations to help organizations safeguard their sensitive data against unauthorized disclosures, and these recommendations included:

  • Understand what information a business requires for its operations, what data has already been collected and stored, how long this data is needed and what steps have been taken to ensure its security.
  • Collect only information that is needed, store it only for the minimum time that it is required and deploy data minimization tactics wherever possible.
  • Investigate all security incidents immediately and thoroughly.

In addition, NYAG provided the following recommendations to help consumers protect their sensitive data against cyber threats:

  • Use strong passwords and update them frequently.
  • Monitor monthly credit and debit card statements.
  • Do not write down passwords or store passwords electronically.
  • Do not post sensitive information on social networks.

Businesses and consumers also should keep track of the current cyber threat landscape, NYAG recommended. By doing so, they can quickly identify cyber threats and limit their impact.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.