More than 7.3 million New Yorkers' personal information was exposed in data breaches last year, costing the public and private sectors as much as $1.37 billion, a New York State attorney general's office report found.
The number of reported data breaches in New York more than tripled between 2006 and 2013, the report released Tuesday said. It found that 22.8 million personal records of New Yorkers have been exposed in nearly 5,000 data breaches in that period, mostly through hacking intrusions.
"As we increasingly share our personal information with stores, restaurants, health care providers and other organizations, we should be able to enjoy the benefits of new technology without putting ourselves at risk," Attorney General Eric T. Schneiderman said in a statement. "Unfortunately, our expansive look at data breaches found that millions of New Yorkers have been exposed without their knowledge or consent."
In 2013, there were more than 900 breaches; the record-setting amount of personal data exposed was largely driven by two retail megabreaches, at Target and at Living Social, a website featuring discounted deals for restaurants, travel and more.
Data breaches have not only hurt retailers, but also enterprises ranging from local family businesses to large multinational corporations, all of which have recounted data security breaches to the attorney general's office, according to the report.
The attorney general's office recommended steps that organizations can take to protect sensitive personal information against unauthorized disclosures, including: reviewing how sensitive data are acquired and what access controls are in place; minimizing data collection and retention; and creating an information security plan that includes encryption of data.