A new report compiling information from PrivacyRights.org on data breaches in the United States found that California has had the highest number of documents lost during attacks since 2005.
Using data on the total number of records lost per breach from 2005 to 2019, email marketing company Omnisend compiled a study ranking US states and companies. It found that California topped the list with 18,921,723 records lost, followed by 10,402,035 in New York, and both Texas and Georgia came in at over five million.
“Housing some of the largest companies in the world, California saw the most data breaches by state with a total of over 5,750,000,000 data breaches. This alone made up for 56% of America’s total cases from 2005 to 2019,” the report said.
SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)
The study includes a slider that lets you look at the number of files lost through breaches by state during each year since 2005. Throughout the 14 years tracked, New York and California frequently trade places as the states with the highest number of records lost.
Erich Kron, security awareness advocate at KnowBe4, said it was not surprising that California, with all of its high-tech organizations with high-value data, tops the list of states for data breaches.
“It is this level of attacks that has driven the state-specific California Consumer Privacy Act, designed to protect the privacy of the residents. It is important to know that not only are California businesses being targeted, but also state and local governments as well, with the City of Torrance, CA being the most recent to fall victim to a ransomware attack and data exfiltration threat due to the Doppelpaymer ransomware strain,” Kron said.
“As data collection related to individuals continues to grow, fueled by organizations such as Facebook, and as organizations make progress in technical and pharmaceutical industries, the value of the data they have continues to climb, making them very enticing targets for cyber criminals who use techniques such as email phishing to spread malware, take over accounts and launch ransomware attacks,” Kron added.
The compilation also breaks the data down by type of breach, finding that California and New York lost millions of records through unintended disclosure and millions more through cybercriminal hacks. A fairly large amount of records were also lost through insider leaking as well.
While California’s tech companies dealt with the largest number of attacks, for New York, it was financial institutions that lost the most records. In Texas, Georgia, California, Virginia, and New York, healthcare institutions were widely attacked as well.
“States with higher numbers of data breaches reflect the current business, media, and population density in those particular areas. California is a prime hub for innovation in Silicon Valley as well as a hotspot for celebrity media and activity, and is similar to other leading states such as New York, which serves as a central hub for financial technology or fintech, and news media, and Georgia which houses several high-level companies like Equifax and the Center for Disease Control,” said Kevin Beasley, CIO at ERP software developer VAI.
“Additionally, Virginia and Maryland share proximity to Washington, D.C., which in addition to being the center of government, is also home to many government contractors. These states all have prominent organizations and entities in their jurisdictions—making them a prime target on the Dark Web in many instances. Security should be first for these companies and not an afterthought or an add-on.”