Failure to Encrypt Data Puts Individuals at Risk

By Karen A. Frenkel  |  Posted 07-29-2013

Failure to Encrypt Data Puts Individuals at Risk

Thousands of Californians Affected by 2012 Breaches  In 2012, the California Attorney General's Office received 131 reports of data breaches, each of which affected more than 500 California residents. Five of the breaches involved over 100,000 individuals.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

A Single Breach Hurts Thousands of Individuals  The average incident involved the information of 22,500 individuals. The median breach affected 2,500 individuals.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Millions at Risk  The personal information of over 2.5 million Californians was put at risk by data breaches in 2012.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Encryption Is Key  If the data had been encrypted, over 1.4 million Californians would have been protected. And 28% of the data breaches would not have required notification.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Retail Suffered the Most  The retail industry reported the most data breaches with 34 incidents (26%), finance and insurance were second with 30 breaches apiece (23%) and health-care was the third largest with 19 incidents (15%).

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Insecure Social Security, Precarious Payment Cards  Over half of the breaches (56%) involved Social Security numbers, exposing victims to the most serious type of identity theft—new account fraud. Payment card information was second (40%) with 53 breaches.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Outsiders and Unauthorized Insiders   More than half of the breaches (55%) resulted from intentional intrusions by outsiders or by unauthorized insiders. The remaining 45% resulted from failures to adopt or carry out appropriate security measures.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Breach Notices Often Misunderstood  The average reading level of the breach notices was 14th grade, too high for 43% of Americans, who read at or below the 8th grade level.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Remember to Encrypt Data  Always encrypt digital personal information when moving or sending it beyond the organization’s secure network. Data encryption is key.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Constantly Review Security Measures  Adapt to new threats by reviewing and tightening the security controls on personal information, including the training of employees and contractors.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Make Breach Notices Understandable  Provide breach notices that an 8th grader can read and comprehend. Use simple and easy-to-understand language.

Failure to Encrypt Data Puts Individuals at Risk

Failure to Encrypt Data Puts Individuals at Risk

Preventing Identity Theft  29% of Social Security breaches result in identity theft, yet no credit monitoring or other mitigation product is offered to victims. Clearing up identity theft can take hundreds of hours and cost thousands of dollars. Take protective measures to limit individuals’ risk, including the offer of credit-monitoring services.

Failure to Encrypt Data Puts Individuals at Risk