OLYMPIA — Nearly half a million Washingtonians had their personal information compromised as a result of data breaches between July of 2015 and July of this year, according to a report issued today by Attorney General Bob Ferguson. The release coincides with National Cyber Security Awareness Month.
The Attorney General’s report details the sources and impacts of data breaches reported to the Attorney General’s Office (AGO) under new, stricter notification and reporting requirements adopted by the Legislature in 2015. Attorney General Ferguson proposed the legislation. It’s prime sponsors were Rep. Zack Hudgins and Sen. John Braun.
During the first year after the law took effect, 39 data breaches met the reporting threshold of 500 affected Washingtonians. Those 39 incidents occurred at companies and organizations ranging from school districts to national retail chains and affected at least 450,000 Washingtonians. The number is undoubtedly higher, since several companies reported that they were unable to determine the number of individuals affected.
“Information is power, and this new law gives my office and Washingtonians valuable information about potential risk to their personal information and their businesses,” Ferguson said. “Data breaches are a serious threat to our security, and my office can use this information in our efforts to protect the people of Washington.”
The report also details the causes of the breaches. Malicious cyber attacks accounted for the largest share of the breaches. A significant number also resulted from unauthorized people, such as third-party vendors or employees, gaining access to information. A small number of breaches resulted directly from loss or theft.
The Attorney General’s report includes a look at the potential costs of data breaches to both companies and consumers, as well as a more detailed look at what types of Washington organizations were affected by the breaches and what types of consumer information were exposed. It also provides resources for affected businesses and individuals.
More information about data breaches in Washington, including the individual data breach reports submitted to the AGO, is available at http://www.atg.wa.gov/data-breach-notifications. Information for businesses on reporting data breaches is available at http://www.atg.wa.gov/identity-theft-and-privacy-guide-businesses#Report.
The Clark County Sheriff’s Department offers information about reporting and dealing with identity theft on their website, at https://www.clark.wa.gov/sheriff/identity-theft.
* Information provided by the Washington State Attorney General’s Office