Millions have been exposed without knowledge or consent
Secure data of 7.3 million out of roughly 20 million New Yorkers were breached in 2013, breaching also the record for the highest number of information attacks per year in the state.
Private and public institutions in New York were hit by an unprecedented 900 data breaches exposing personal and financial information last year costing $1.37 billion, according to a new report released Tuesday by New York Attorney General Eric T. Schneiderman. The report discloses historical statistics of New York data breaches between 2006 and 2013.
“With today’s report, we are proud to be taking a first-of-its-kind, multiple-year glance at information we’ve collected, so that we’re looking not only at the direct impact on New Yorkers, but also at trends in the data. This is an important step toward ensuring that everyone, from businesses to consumers, is better protected from these intrusions,” Schneiderman told TIME in an email.
From 2006 to 2013, 22.8 million personal records of New Yorkers were exposed in nearly 5,000 data breaches, with many victims unaware. Hacking is responsible for over half of personal information exposures; the number of hacking breaches have tripled since 2006. This chart shows the full breakdown:
Data breaches per year, while a volatile statistic, have trended upward since 2006 — it’s not just that the public eye has just begun to zero in on these information security attacks, a thriving practice largely driven by the black market. (TIME’s July 21 cover story dove head first into the rise of the data breach market.) This graph shows the number of New York records exposed by year, with dotted lines representing the total number of records exposed:
The up-and-down nature of the graph is precisely due to mega-breaches, according to the report. These massive information spills are increasing, with half of the 10 largest mega-breaches affecting New Yorkers occurring after 2011, including Sony’s in May 2011 and Target’s in December 2013. Other recent, smaller breaches like P.F. Chang’s have demonstrated that no one is truly safe.
Of course, it’s not just New York. California, the first state to mandate a data breach report system in 2003, three years before New York, has previously released a data breach report, chronicling the Golden State’s dark rise of information attacks. But nationwide the upward trend is less clear, according to the Identity Theft Resource Center (ITRC), which collects data under a stricter definition of data breach over a subset of high-risk industries: finance, business, education, government and medicine. The ITRC’s findings suggest that for these industries, data breaches since 2006 had only doubled by 2013, versus tripled for New York.
Regardless, New York officials are warning the broader public to make themselves aware that every transaction comes an inevitable risk.
“It’s clear that a broad, concerted public education campaign must take place to ensure that all of us – from large corporations, to small businesses and families – are better protected,” Schneiderman said.