A new report from Forbes Advisor shows that California led the nation in data breaches between 2017 and 2021, with 325,291 victims losing more than $3.7 billion.
Forbes used FBI data from the federal agency’s Internet Crime Complaint Center to determine how many Americans were impacted during the five-year period, which type of breach was the most common and which resulted in the highest financial loss.
The most expensive breach for Golden State residents came from compromised email accounts, which cost 14,925 victims more than $1.18 billion. That was followed by 12,205 victims duped by online romance schemes at a cost of $516.2 million.
Other rip-offs came in the form of investment scams (5,270 victims lost nearly $440 million), real estate fraud (11,365 victims lost $176.4 million) and personal data theft (31,742 victims lost $163.4 million).
Texas weathered the second-biggest financial loss in the Forbes report with 179,217 people impacted by data breaches at a total cost of more than $1.8 billion. New York was next (141,170 victims lost $1.77 billion), followed by Florida (198,830 victims lost $1.72 billion) and Ohio (64,926 victims lost $776.8 million) to round out the top five.
When California businesses suffer data breaches, that information, along with notification letters that were sent out if the breach impacted more than 500 people, must be submitted to the state Attorney General’s Office.
The list of California companies that have had data stolen this year and in 2021 is long and includes Blue Shield of Southern California; Kaiser Foundation Health Plan, Southern California; Lending Tree; Ernest Packaging Solutions; and Professional Finance Co., among scores of others.
Kaiser is among the companies that notified the Attorney General’s Office of a breach. In a letter sent to Kaiser members on July 15, 2022, the health-care provider said on May 20 that someone had broken into a storage locker at its Los Angeles Medical Center and stolen an iPad along with the password to the tablet. The iPad had been used at a Kaiser COVID-19 testing site by employees and contained photos of COVID-19 lab specimen labels but no photos of patients.
Alina Harris, Kaiser’s privacy and security officer, said the company had no specific evidence that patient information was accessed and/or viewed by the thief. Kaiser said it initiated an investigation into the theft, notified law enforcement and remotely erased all data from the iPad, including the photos.
In a statement issued Monday, the health-care company said no Social Security numbers or financial information were included in the data on the iPad.
Lending Tree told customers it discovered a code vulnerability on June 3, 2022, that likely resulted in the “unauthorized disclosure of some sensitive personal information.” The company said the breach — which included access to names, Social Security numbers, birth dates and street addresses — apparently began in mid-February.
“The vulnerability in the code no longer exists, and we are working to implement additional security measures to protect consumers who visit our online interfaces,” Lending Tree CEO Arun Sankaran said in his letter to customers.
On a broader scale, Forbes said that from 2017 to 2021, more than 2.3 million data breaches occurred throughout the U.S., Guam, U.S. Virgin Islands and Northern Mariana Islands, generating a total financial loss of $20.1 billion.
In a statement issued last year, California Attorney General Rob Bonta urged hospitals and other health-care facilities to ensure that safeguards are in place to deter data breaches.
“I implore all entities that house confidential health-related information to be vigilant and take steps now to protect patient data before a potential cyber attack,” he said.
(c)2022 The Whittier Daily News. Distributed by Tribune Content Agency, LLC.