NY Attorney General: Millions affected by data breaches

Mar 30, 2018
Originally published on March 29, 2018 3:07 pm

More than 9 million New Yorkers had their personal data exposed last year. This includes social security numbers, financial information and driver license records.

During a stop in Rochester,  NYS Attorney General Eric Schneiderman said Thursday that his office received 1,583 reports of data breaches in 2017, affecting people across the nation and roughly 9.2 million New Yorkers. He says these numbers have been on the rise since 2015.

“That’s more than four times as many New Yorkers as in 2016,” he said of the 9 million affected. “So a four-fold increase in the number of New Yorkers whose data was exposed over the previous year.”

These breaches include the “mega-breach” of Equifax, which impacted people nationwide, and the breaches at Chipotle, a national chain restaurant. Four area locations were affected. Schneiderman says his office is also working with other state attorney generals across the nation on the Cambridge Analytica report:

“I have spoken to people at Facebook and my staff has spoken to them many times,” he said. ”We’re doing a joint investigation with Maura Healy, the Massachusetts Attorney General. We’ve sent them a letter demanding documents and information, all of their policies historically on privacy, what their representations were to consumers, what happened when they discovered that the information of more than 15 million Facebook users had been compromised by Cambridge Analytica? So we’re really digging into this.”

Cambridge Analytica is a political consulting firm that worked with President Donald Trump’s 2016 campaign. 

Schneiderman says they will work with other states as the investigation continues but that he would like to see better legislation on the state’s books:

“We are doing multi-state investigations in some cases. Equifax is a good example. Facebook will be another and quite frankly, New York’s laws are behind those of a few other states so it’s time for us to take further steps to protect New Yorker’s data. We really should make New York a national model.”

Last fall, the state legislature with Schneiderman's guidance introduced the Stop Hacks and Improve Electronic Data Security Act. It’s called the SHIELD act for short and would require that businesses handle, store and dispose of customer and personal records in a safer way.

But for now, he says users will have to be more careful as well.

Hackers made up 40 percent of the data breaches and resulted in 94% of the total personal information exposed.

Employee negligence is another issue, accounting for 25 percent of breaches, where customers’ records are mismanaged or poorly handled. Officials say it’s a good idea to question companies and websites about how this information will be used and stored and ultimately it’s better to opt not to give out this information than to have it stolen.