The recent string of major data breaches — including the likes of Target, Home Depot, P.F. Chang’s and Nieman Marcus — have spurred a 600% increase in the number of California residents’ records compromised by cyber criminals over the last year, the latest California Data Breach Report revealed.
According to the study, a total of 167 breaches were reported in 2013 – where 18.5 million personal records were compromised – an increase of 28% from 2012 where just 2.5 million records were stolen. To put things in perspective, that’s nearly half of the state’s population (38 million).
These figures experienced a large uptick following recent incidents involving Target and LivingSocial, which together accounted for 7.5 million of the breached records. Out of the incidents reported in 2013, over half (53%) of them are attributed to malware and hacking.
“Malware and hacking breaches made up 93% of all compromised records (over 17 million records). The LivingSocial and Target breaches accounted for the bulk of those records . In April, the online marketplace LivingSocial reported a cyber attack on their systems that compromised the names, email addresses, some birth dates and passwords of over 50 million customers, including 7.5 million Californians. In December, Target reported a hacking and malware insertion into its network that resulted in the theft of the names and payment card data of 41 million customers, including 7.5 million Californians,” the report noted.
Even by factoring out both Target and LivingSocial, the amount of Californian records illegally accessed last year rose 35% to 3.5 million.
“Data breaches pose a serious threat to the privacy, finances and personal security of California consumers. The fight against these kind of cyber crimes requires the use of innovative strategies by government and the private sector to protect our state’s consumers and businesses,” California Attorney General Kamala Harris said in a statement.
While California residents aren’t any more susceptible to data hijacking than others, the state law requires businesses and agencies to notify customers of any breach involving more than 500 accounts. This law led to the creation of the California Data Breach Report.
The last 12 months weren’t a fluke either. In fact, “These data breaches are going to continue and will probably get worse with the short term,” emphasized Jim Penrose, former chief of the Operational Discovery Center at the National Security Agency.
Aside from payment cards, which the Attorney General urged companies to adopter stronger encrypting and safeguard technologies, one of the most vulnerable sectors is the healthcare industry. Not only are a number of medical devices coming under siege by hackers, stolen health records are also plaguing the industry. Moreover, cyber thieves accessing unprivileged information can even be more harmful than other stolen data as it can be used for identity theft and fraud over a longer duration.
In 2012-2013, the majority of breaches in the healthcare sector (70%) were caused by lost or stolen hardware or portable media containing unencrypted data, in contrast to just 19% of such breaches in other sectors.
“By now, the problem should be obvious to anyone who is paying attention — data of any kind is vulnerable to attack by a wide variety of antagonists from hacker groups and cyber-criminals to electronic armies, techno-vandals and other unscrupulous organizations and people. The reason is simple. Yes, you guessed it: It is because data = money. To make it worse, because of the web of interconnections between people, companies, things, institutions and everything else, everyone and everything digital is exposed,” explained Bill Boldt, Atmel’s resident security expert.
To safeguard information and devices, authentication is increasingly coming paramount. As the latest incidents highlight, thinking about forgoing security in a design simply because that device isn’t connected to a network or possesses a wireless interface? Think again. The days of truly isolated systems are long gone and every design requires security. As a result, the first step in implementing a secure system is to store the system secret keys in a place that malware and bugs can’t get to them – a hardware security device like CryptoAuthentication. If a secret key is not secret, then there is no such thing as security.
Want to read more? Download the entire report here.