The number of personal records compromised by data breaches in California surged to 18.5 million in 2013, up more than six times from the year before, according to a report published on Tuesday by the state's Attorney General.
There were 167 breaches reported during the year, up 28 percent from 2012. The massive increase in the number of compromised records came as a result of two major breaches -- the loss of credit card data at Target in December 2013 and the cyber attack on LivingSocial in April 2013.
Those two breaches concerned around 70 million and 50 million records respectively nationwide and they rank among the largest data breaches so far experienced. Collectively, they impacted 7.5 million Californians.
Just over half of all breaches were caused by intrusions into computer networks carrying sensitive data, either by hacking or through malware that stole data. Just over a quarter were due to physical loss or theft of computers, data drives or paper containing unencrypted personal information, 18 percent were attributed to unintentional errors and 4 percent to data misuse.
As for what was lost, Social Security number breaches occurred in just under half of all cases followed by payment card details in 38 percent and medical information in 19 percent.
In the report, Attorney General Kamala Harris calls for increased use of encryption by companies and agencies to safeguard the personal information of consumers.
"Data breaches pose a serious threat to the privacy, finances and personal security of California consumers," Harris said. "I strongly encourage more use of encryption to significantly reduce the risk of data breaches."
And she takes to task retailers, who have been slow adopting new chip-and-PIN payment card technology.
The transition to chip-based payments is expected to accelerate in the remainder of this year and through 2015, in part because of a growing number of data breaches and because retailers will start being liable for fraud conducted on magnetic stripe-based payments from October next year.
Chip-and-PIN payments and those supported by new technologies like Apple Pay rely on a token that substitutes the card number in the retailer's network. The token is of little use if stolen and should make it much more difficult for cyber criminals to steal payment card details from terminals in stores.
Under California law, companies are required to notify the state Attorney General's office of each breach that affects at least 500 California residents. The report was compiled from those notifications.
Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is [email protected]