Data from the Massachusetts Office of Consumer Affairs & Business Regulation (OCABR) shows that 3.2 million residents – almost half the population of the state- have been the victim of a data breach in the last four years.
The report finds that 1,833 breaches have been reported to the State by a wide range of public and private entities since 2007. More than half of all breaches reported in 2011 were criminal or malicious in nature, OCABR reported.
The report is dated December, 2011, but was posted on the Office’s Web site this week. It complies data collected under the state’s Data Security Breach Law (Mass General Law c 93H) which took effect on October 31, 2007.
The number of breaches reported in each full year since the law took effect has remained more or less constant, ranging from a high of 472 breaches in 2008 to a low of 431 in 2009. The breaches affecting the most residents were generally of electronic data, versus paper records. Among those were the breach at electronics giant Sony Corp.’s PlayStation Network, which affected 560,990 Bay State residents. A hack of Michael’s craft stores affected 41,000 residents, OCABR said.
Despite the law’s requirement that portable media and other devices be encrypted, few are. Of 290 devices containing sensitive data that were stolen from 2007 through 2011, just 12 used encryption to protect data on the device. Of the 75 devices reported lost or misplaced during the same period, just one used encryption to protect data on the device, the State revealed.
You can read the full report from OCABR on the State’s Web site here.