Massachusetts Attorney General Martha Coakley recently called on companies in the state to do more to secure the customer data they collect and store. According to the Boston Globe, Coakley's remarks came as her office released sobering statistics on the effects of data breaches in the state.
Since January 2010, the state AG's office said, about 2.1 million Massachusetts residents have been affected by data breaches. In all, there have been 1,166 incidents reported by organizations located in the state. Of those, 480 have been disclosed between January and August of this year.
The data security measures of all companies must improve, Coakley said, to prevent such statistics from growing, the Globe reported.
"They need to be able to have up-to-date systems that both prevent a breach and identify breaches when they occur," she said, according to the newspaper.
Massachusetts began truly tracking data breaches with the passage of a statewide data breach notification law in 2007. Under the legislation, all companies operating within the state are required to disclose data breaches that may result in identity theft to customers and state regulators.
Legislators in Massachusetts drafted and passed the law following the massive TJX breach that exposed 45 million credit card numbers. TJX, the parent company of the clothing chain TJ Maxx, is headquartered in Framingham, Massachusetts. At the time, it was the largest breach in history.
Still, as the latest statistics released by Coakley's office demonstrate, data security incidents continue to occur even with the notification law in place.
According to the new report, a data breach suffered by South Shore Hospital in July 2010 was the most serious of all incidents in Massachusetts since the beginning of last year. The hospital, located in Weymouth, Massachusetts, lost the medical records of 800,000 patients who received care as far back as 14 years ago.
The records were misplaced while being sent to be destroyed, hospital officials concluded following an investigation.
However, many of the other data breaches tracked by the AG's office were the result of cyber attacks, as 25 percent involved the deliberate hacking of computing systems that stored confidential information.
Another 23 percent were the result of human error in which data was inadvertently shared with unauthorized individuals. For the most part, these incidents were centered on a person accidentally sending an email to the wrong recipient or a fax to an incorrect number.
The theft of customers' payment card numbers was reported in 15 percent of these incidents, according to the report. Other causes included lost or stolen laptop computers and paper records or instances when employees of a company deliberately accessed confidential information.
Coakley urged companies to remain vigilant with data protection programs, because she said threats to confidential information will only get more sophisticated moving forward.
"There is going to be more room for employee error, for intentional hacking," she said, according to the Globe report. "This is going to be an increasing target."
In addition to the consequences levied by state and federal regulators, companies that expose confidential data run the risk of alienating an overwhelmingly important area of their business: the customer base. According to a recent poll of more than 5,500 consumers conducted by SailPoint, a company that provides identity management solutions, many said a data breach would change their views of a company.
Twenty-six percent of Australians, 24 percent of Britons and 16 percent of Americans said they would no longer conduct business with a credit card company, bank or retailer that exposed their personally identifiable information. Furthermore, 16 percent of Australians, 14 percent of Britons and 10 percent of Americans would tell their friends and family to do the same.