LAGUNA BEACH (AP/CBSLA.com) — Personal information about more than 18.5 million Californians was hacked, stolen or otherwise exposed last year and as many as one-third of those people will become victims of fraud, California Attorney General Kamala Harris said Tuesday in a new report on data breaches in the nation’s biggest state.

The second annual California Data Breach Report (PDF) found in 2013, retailers, banks, health care providers and other organizations reported 167 data breaches to the state Attorney General’s office, a 28 percent jump from 2012, according to Harris.

KNX 1070’s Ed Mertz reports data breaches are also on pace to top last year’s total: as of October, 152 reports had been filed with Harris’ office, compared with 117 at the same time last year, a 30 percent uptick.

As many as one third of people whose information is exposed in a data breach will subsequently suffer some kind of fraud, Harris adds in the report, citing estimates by Javelin Strategy and Research, a California firm that tracks financial industry trends.

According to Harris, more than half of the 2013 breaches were caused by computer intrusions, such as malware and hacking. The remaining breaches resulted from physical loss or theft of laptops or other devices containing unencrypted personal information (26 percent), unintentional errors (18 percent) and intentional misuse (four percent).

The alarming increase in malicious hacking and accidental leaks due to poor information security was mainly due to breaches at Target stores and Living Social, an online marketplace. Even without those two incidents, the number of customer accounts exposed by hacking, lost and stolen hard drives and accidental data leaks, jumped 35 percent last year.

Another major breach occurred in February when the personal information of approximately 168,500 patients of the Los Angeles County departments of Health Services and Public Health had been compromised following a computer equipment theft.

More than half of the breaches reported in California involved malicious attempts by hackers or cyber-criminals who were determined to steal customer data, according to the report, which said “trans-national criminal organizations” appear to be responsible in many cases.

A new state law that goes into effect next year will require companies to offer at least one year of free theft-prevention assistance, such as credit monitoring, to consumers affected by data breaches. While many companies already do this, the report says that kind of help was only offered in half of the breaches reported over the last two years.

Harris is recommending additional changes, including legislation that sets stricter notification requirements and provides financial aid to help small businesses adopt data safeguards. She also urges companies to use stronger encryption and other protective methods, although she noted that a recent legislative effort to require encryption was unsuccessful.

Harris also is urging companies to notify consumers about data breaches more promptly and to make their notices easier to understand, with less legal jargon. She notes that the purpose of such notices “is undercut if the recipients cannot understand them.”

(TM and © Copyright 2014 CBS Local Media, a division of CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2014 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)

Comments