Massachusetts: state of the breach reports, 2011

Massachusetts has provided another update/report on the data breach notifications it receives. You can access the full report (pdf) on the state's web site. Here are a few snippets from the report:

Since the Data Security law, c. 93H, went into effect, the Office of Consumer Affairs and Business Regulation has tracked the data breach notifications it has received. As of Sept. 30, 2011, there had been 1,833 notifications of security breaches. The number of Massachusetts residents affected by the reported incidents since November 1, 2007 now totals 3,166,031. No entity appears to be exempt from breaches, as reports have come in from banks, government agencies, credit card companies, retail businesses, and the healthcare industry, among others.

[…]

As of September 30, 2011, criminal or malicious breaches totaled 241 of 454 notifications received, 52.5 percent of total breaches reported.

[…]

Through September 30, 2011, the largest share of breaches was not in the financial sector, but in the retail and healthcare industries, along with government. A combination of computer intrusions by determined individuals and programs, and careless disposal practices were the causes of major losses of information.

The full report gives more of a breakdown.

I wish Massachusetts would join other states that have chosen to post all breach notices they receive online. There are so many other analyses that such disclosure would permit.

About the author: Dissent