On Tuesday, the office of New York State Attorney General Eric T. Schneiderman released a summary of the year 2016 in data breaches. Collecting any breach that affected New York state residents, the Attorney General’s office saw those numbers swell by 60 percent overall last year. While hacking accounted for more than 40 percent of the 1,282 total incidents reported, employee negligence, including inadvertent exposure and device loss, was close behind at 37 percent.
“In 2016, New Yorkers were the victims of one of the highest data exposure rates in our state’s history,” Attorney General Schneiderman said in a statement on the report. “The total annual number of reported security breaches increased by 60% and the number of exposed personal records tripled… It’s on all of us to guard against those who try to use our personal information for harm — as these breaches too often jeopardize the financial health of New Yorkers and cost the public and private sectors billions of dollars.”
Compared to past years, New York saw fewer of what the report calls “mega breaches,” with only two massive incidents resulting in widespread exposure. One of those, an October breach at Newkirk Products Inc., a healthcare ID card provider, exposed the private health data of 761,782 New York residents.
A second major breach happened in the banking industry in January of 2016, when an incident at HSBC exposed private financial data and social security information of 761,782 New York residents. The report notes that the average time it took to notify the Attorney General’s fell anywhere between a single day and multiple months, but the delay before notification declined as the year progressed.
New York is just a single state, but its status as a national financial and business hub make it a complex one by security standards — and one with plenty of high-value targets.