Coakley said that her office is just beginning to analyze the reports to find out whether the law is helping to reduce data breaches. But she predicted the problem will get worse as more Americans store vital personal data on various computer networks. “There is going to be more room for employee error, for intentional hacking,’’ Coakley said. “This is going to be an increasing target.’’
The attorney general’s office has received 1,166 data breach notices since January 2010, including 480 between January and August of 2011. About 2.1 million residents were affected by the various incidents, though it’s unknown whether any of them were actually defrauded as a result of the data leaks.
Of the reported incidents, 25 percent involved deliberate hacking of computer systems containing sensitive data. Another 23 percent involved accidental sharing of information with unauthorized people, such as sending faxes or e-mails with personal information to the wrong recipient. In 15 percent of cases, retailers reported the theft of customer credit card numbers. Data was also lost through thefts or accidental losses of laptop computers and paper documents, or in cases in which workers deliberately gained unauthorized access to client files.
The biggest single data breach in the report occurred last July, when South Shore Hospital in South Weymouth said it lost 14 years’ worth of records on 800,000 patients, employees, volunteers, and vendors. The hospital blamed an outside data management company for losing a batch of records they had been ordered to destroy.
Other major breaches included an incident in May, when the state’s Executive Office of Labor and Workforce Development found a virus in its computer system that transmitted data to unidentified hackers. The agency said that files on 210,000 state residents were compromised. A similar virus attack in June affected the records of more than 2,000 patients at Beth Israel Deaconess Medical Center.
