Nearly 23 million private records of New Yorkers have been exposed in data security breaches reported by more than 3,000 businesses, nonprofits and governments over the past eight years, New York’s attorney general reported.
Deliberate hacking was responsible for 40 percent of the 5,000 incidents, which exposed a majority of the records, followed by lost or stolen equipment, insider wrongdoing and inadvertent errors, according to the report released on Tuesday.
“As we increasingly share our personal information with stores, restaurants, health care providers and other organizations, we should be able to enjoy the benefits of new technology without putting ourselves at risk,” Attorney General Eric Schneiderman said.
Since 2005, New York law has required breached institutions to advise the attorney general and the individuals when computerized private data consisting of names and account, social security or driver’s license numbers were acquired by an unauthorized user. The report noted that it excludes thousands of data breaches involving sensitive information that don’t fit under the law’s reporting requirements.
The 7.3 million records exposed in 900 security breaches last year cost institutions an estimated $1.37 billion to investigate, rectify and help customers, the report said. They included the two largest, when Target Corp. was hacked, exposing the personal information and credit card numbers of more than 70 million customers nationwide, and LivingSocial, whose data was hacked, exposing 4.75 million records of New Yorkers.