So far in 2021, 6.3 million data breach notifications have been sent to Washingtonians – by far the most since Attorney General Bob Ferguson’s office began tracking this.
The number of data breaches reported to the Ferguson office also skyrocketed to 280, surpassing the previous record of 78 and last year’s total of 60, according to the report.
The previous record of notices of violation was set in 2018, with 3.5 million notices sent, according to the report.
The report also identifies a huge spike in cyber attacks and a growing threat of ransomware incidents, a type of cyber attack that uses malicious code to hold data hostage in the hope of receiving ransom. More than 150 ransomware incidents were recorded in 2021, more than the previous five years combined, according to the report.
“We are publishing this report because Washingtonians are better able to protect their data when they are aware of threats – and threats have never been greater,” Ferguson said.
The attorney general’s office said it was not receiving any funding to publish the report, but was doing so as a public service to provide Washingtonians with critical information to help protect their data.
The report includes recommendations for policymakers, including expanding the definition of personal information to include individual tax identification numbers as well as the last four digits of a social security number.
According to the report, the COVID-19 pandemic has exacerbated the threat as Washingtonians increasingly rely on digital and online services that collect user data to do business, go to school, find entertainment and communicate with their friends and family.
This increase in online activity may create more opportunities for cybercriminals to steal personal information, and it underscores the importance of Washington’s data breach notification laws.
Ferguson’s office said its long-standing efforts to compel companies to report data breaches and hold them accountable led to a 2019 investigation into a data breach at Premera Blue Cross and resulted in payment by the $ 10 million business.
Also that year, his office announced that Equifax would pay more than half a billion dollars due to a 2017 data breach affecting nearly 150 million people nationwide.
Since 2014, Ferguson’s office has called on several companies with significant data breaches that impacted the privacy of Washingtonians – Premera, Equifax, Uber and Target Corporation – enter into legally enforceable agreements to improve the security of their data.
The public can access the Attorney General’s database of violations here.