The New York Attorney general is to provide a Web-based submission form for companies to report data breaches after being overwhelmed by a 40% increase in notifications so far this year.
Companies are required to provide notice to Attorney General Eric Schneiderman’s office, as well as consumers, in line with the New York State Information Security Breach & Notification Act. Previously companies were required to mail, fax, or email a separate data breach form.
“Data breaches are an escalating threat to our personal and national security, and companies need to do more to ensure reasonable security practices and best standards are in place to protect our most sensitive information,” says Schneiderman annoucing the new procedures. “I am committed to stemming the data breach tide. Making notification to my office easier for companies who have experienced a data breach means quicker notification and quicker resolution for New York’s consumers.”
The office has received 459 data breach notices from the first of the year to the start of May, says Schneiderman, as compared with 327 through the same time last year. In the year 2015 alone, the office received 809 data breach notices, with expectations that the number of reported incidents will break the 1000 mark this year.
In July 2014, Schneiderman issued a report examining the growing number, complexity, and costs of data breaches in the New York State over the previous eight years. The report revealed that the number of reported data security breaches in New York more than tripled between 2006 and 2013. In that same period, 22.8 million personal records of New Yorkers were exposed in nearly 5,000 data breaches, which cost the public and private sectors in New York upward of $1.37 billion in 2013.
In addition, the report also found that hacking intrusions were the leading cause of data security breaches, accounting for roughly 40% of all breaches.