OLYMPIA — Nearly half a million Washingtonians had their personal information compromised as a result of data breaches between July of 2015 and July of this year, according to a report issued Monday by Attorney General Bob Ferguson.
The AG’s report details the sources and impacts of data breaches reported to the Attorney General’s Office under new, stricter notification and reporting requirements adopted by the Legislature in 2015. During the first year after the law took effect, 39 data breaches met the reporting threshold of 500 affected Washingtonians, according to the AG’s office. Those 39 incidents occurred at companies and organizations ranging from school districts to national retail chains and affected at least 450,000 Washingtonians. The number is undoubtedly higher, since several companies reported that they were unable to determine the number of individuals affected.
While most of the breaches impacted less than 10,000 individuals, one breach in the telecommunications industry affected more Washington residents than the other 38 breaches combined. In that instance, T-Mobile informed the AGO that an intruder obtained the sensitive data of nearly 330,000 Washingtonians through an Experian breach.
“Information is power, and this new law gives my office and Washingtonians valuable information about potential risk to their personal information and their businesses,” Ferguson said. “Data breaches are a serious threat to our security, and my office can use this information in our efforts to protect the people of Washington.”
The report also details the causes of the breaches. Malicious cyber attacks accounted for the largest share of the breaches. A significant number also resulted from unauthorized people, such as third-party vendors or employees, gaining access to information. A small number of breaches resulted directly from loss or theft.
The Attorney General’s report includes a look at the potential costs of data breaches to both companies and consumers, as well as a more detailed look at what types of Washington organizations were affected by the breaches and what types of consumer information were exposed. It also provides resources for affected businesses and individuals.