NY Attorney General: Record number of data breaches in 2017
Rochester, N.Y. (WHAM) - A record number of data breaches happened in 2017, New York Attorney General Eric Schneiderman said Thursday.
During a news conference in Rochester Thursday morning, Schneiderman said companies and other groups and organizations reported more than 1,500 data breaches to his office in 2017 alone.
Those breaches exposed the personal records of 9.2 million New Yorkers.
"We are always working for forward-thinking ways to protect the data and privacy of New Yorkers," Schneiderman said.
Business owner Stacey Cudzilo says she wants her customers to know their personal information is safe every time they swipe their cards at her salon.
"As any business owner large or small, it's our job to protect people's information," Cudzilo said, owner of the Park Ave Salon and Day Spa.
She says whenever someone is using their credit or debit card, she doesn't store their card numbers. "We run it through a different machine, and that's the best way we know to protect our client's information," she said.
The report, which is available online, found exposed information belonging to people living in New York consisted overwhelmingly of Social Security numbers. Approximately 40 percent of the personal records exposed left that data open; 33 percent of those records left credit card numbers exposed.
"The report we are issuing today shows that the problem is only getting worse," Schneiderman said.
Schneiderman said no one is immune to data breaches.
"None of this is limited to geography any more," Schneiderman said. "If you're ordering something online or you're ordering food online, you're exposed. And you're exposed to national hackers; you're not just exposed to local hackers no one is going after. It's unlikely that someone would go after one Chipotle. They're breaking into the Chipotle system for as many franchises as they can get."
Schneiderman said he is urging lawmakers in the New York State Legislature to pass his Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). It aims to close major gaps in state data security laws.
"Every business that chooses to store information has a moral responsibility to maintain reasonable safeguards for that data and if we pass this they will have a legal responsibility as well," he added.
However, Cudzilo worries that could be costly for mom-and-pop shops.
"Especially a small business. If there was a breach, it could mean a lawsuit that a small business might not be able to take," she said.
The attorney general said if passed the Shield Act it would be tailored to business size and the amount of data each one handles.
Part of the legislation would require Facebook and other social media sites to notify the NY Attorney General's Office and its users when they learn that users' personal data was obtained and misused in violation of the law or the platform's terms of service.