Sign in / Join

Identity crisis for millions of New Yorkers who saw personal info compromised in 2016

New York Attorney General Eric Schneiderman revealed the numbers on Tuesday, noting that hackers’ handiwork accounted for over 40% of the compromised data.

ALBANY — New York saw a record number of reported data breaches in 2016 that exposed the personal records of 1.6 million people, state Attorney General Eric Schneiderman said Tuesday.

All told, Schneiderman said his office received 1,300 reported breaches, a hefty 59% increase over 2015.

Social security numbers and financial account information accounted for 81% of the data that was acquired.

Hacking accounted for 40.5% of the data security breaches, he said.

“Hacking is increasingly prevalent – making it all the more important for companies and citizens alike to take precaution when sharing and storing personal data,” Schneiderman said.

But Schneiderman said while hacking has always been the primary reason beyond data breaches, in 2016 employee negligence ran a close second at 37%.

Such negligence consists of a combination of inadvertent exposure of records, insider wrongdoing, and the theft of a device.

While the total number of breaches was up, the number of large-scale information theft was actually down.

Schneiderman’s office said there were only two mega-breaches in 2016, compared to 28 between 2006 and 2013.

A 2016 hack on global banking juggernaut HSBC exposed the personal records of over 200,000 New Yorkers, Schneiderman said.

In 2016, the personal health information for 761,782 New Yorkers was exposed due to a breach reported by a business associate of Capital District Physicians Health Plan.

The next largest breach involved HSBC bank and exposed the financial, personal and social security information of 251,201 New Yorkers, Schneiderman said.

The Attorney General’s office began collecting information regarding data breaches in 2005.

Schneiderman suggests people looking to avoid being hacked should create strong passwords for online accounts and update them frequently.

He urged people to carefully monitor their credit card and debit card statements each month.

People should not write down or store passwords electronically, post sensitive information like birthdays and addresses on social media, and stay up to date on media reports of data security breaches and consumer advisories.

Those already victimized by a data breach should change their names and passwords, create an identity theft report with the Federal Trade Commission and file a criminal complaint with local police.

People should also put a fraud alert or a security freeze on their credit report by notifying the credit reporting agencies, the AG said.