New York Attorney General Report Shows the Number of Data Breaches is on the Rise and Recommends Steps to Take for Protecting Against Them


On July 15, 2014, the New York Attorney General issued a report examining the growing number and costs of data breaches in the state of New York. The report titled, “Information Exposed: Historical Examination of Data Security in New York State,” analyzes eight years’ worth of security breach data collected by the Attorney General and the impact of those breaches upon New Yorkers. The report finds that the number of security breaches reported to New York has more than tripled between 2006 and 2013. Additionally, half of the largest breaches have occurred since 2011, with 2013 having the largest number of New Yorkers affected by data breaches.

The leading causes of the data security breaches were also reported by the Attorney General. The report found that approximately 40 percent of all breaches between 2006 and 2013 were the result of hacking intrusions (third parties gaining unauthorized access to data stored on computers). Nearly percent of all breaches were the result of lost or stolen equipment or documentation. And insider wrongdoing, increasing in frequency each year, accounted for approximately 10 percent of all breaches.

The Attorney General also reviewed the number of data security breaches reported by industry. Retailers were most likely to report three or more breaches between 2006 and 2013. The report links retailers’ susceptibility to attack – particularly restaurant retailers – to retailers’ payment systems which have become a favorite target of hackers. In addition, health care providers were shown to have not only a high incidence of three or more attacks, but also experienced the largest number of personal records exposed between 2006 and 2013.

The data breaches experienced in New York had significant financial consequences, particularly to the organizations involved. The report estimates that in 2013 alone, breaches cost organizations doing business in New York over $1.37 billion. These costs include not only costs to investigate the incident, notify affected individuals and expenses related to litigation, but also include indirect economic consequences related to consumer and investor confidence.

In order to better protect themselves from data security breaches, the report recommends that organizations implement the following five practices:

1. Understand what data your organization has collected, maintained and stored, and review what steps have been taken to ensure security.

2. Minimize the collection of data, store data for the minimum time that is needed and delete any information no longer needed.

3. Create a comprehensive information security plan that includes encryption of data.

4. Implement the information security plan which should include training of employees, communicating with third party vendors and conducting regular audits to ensure compliance.

5. Offer mitigation services to affected individuals.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:


BakerHostetler on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.