Report: 18.5 million Californians lost personal data in 2013

In 2013, 18.5 million Californians had their personal information exposed over at least 167 data breaches, according to a report out Tuesday from the California Attorney General’s office.

The report only covered data breaches reported to the office.


“The fight against these kind of cyber crimes requires the use of innovative strategies by government and the private sector to protect our state’s consumers and businesses,” said California Attorney General Kamala Harris. “I strongly encourage more use of encryption to significantly reduce the risk of data breaches.”

While the number of reported breaches was up 28 percent in 2013, the number of people affected shot up more than sixfold, from only 2.5 million in 2012.

The AG’s office said two data breaches — Target and LivingSocial — almost completely accounted for the huge spike. Each exposed the personal information for 7.5 million Californians.

California has long led the pack in data breach notification and data privacy laws. It enacted the first data breach notification law in 2003, and more recently required websites to state in their privacy policies whether they honor Do Not Track requests made in browsers.

Hacking and malware accounted for the slight majority, 53 percent, of reported 2013 breaches, the California AG said. The rest were mostly from the loss or theft of devices or simple user error.  

“Data breaches pose a serious threat to the privacy, finances and personal security of California consumers,” Harris said.

The AG’s office encouraged retailers to install software to accept chip-enabled credit and debit cards. Retailers have committed to such a transition by October 2015.

It also encouraged retailers to implement payment encryption solutions similar to Apple’s just-launched encrypted phone payment system, Apple Pay.