California Data Breach Report (February 2016)


The California Attorney General released the California Data Breach Report (February 2016). The report is based on the notifications Californians to the Attorney General of breaches by businesses and government agencies (notification is required by law when affecting more than 500). The report analyzes breaches from 2012 through 2015.

 In 4 years, the Attorney General received reports on 657 data breaches, affecting a total of over 49 million records of Californians (only in 2015 3 in 5 Californians were victims of a data breach).

The type of data breaches — in order of occurrence — are the following:

First by far (54%), malware and hacking (i.e. “data breaches caused by intentional intrusions into computer systems by unauthorized outsiders”);

A distant second, physical breaches (i.e. data breaches resulting from theft or loss of unencrypted data on electronic devices)

Third, Breaches caused by errors (this account, however, for half of government breaches)

As for the industry affected, the retail sector “had the largest share of breaches”, second the financial sector, third the health care (with 16% of breaches), then   and surprisingly small business (15%).

Full report here.

For more information, Francesca Giannoni-Crystal.