NOTICE: This is an archived press release. Information contained on this page may be outdated. Please refer to our latest press releases for up-to-date information.

Post date: May 4 2016

A.G. Schneiderman Announces Record Data Breach Notifications For 2016

Breach Notifications Up 40% Over Same Period Last Year

Schneiderman Unveils New Electronic Submission Form For Future Data Breach Notifications

NEW YORK – Attorney General Eric T. Schneiderman today announced that his office has received an over 40% increase in data breach notifications involving New Yorkers so far this year as compared to the same time last year. Companies are required to provide notice to Attorney General Eric Schneiderman’s office, as well as consumers, pursuant to the New York State Information Security Breach & Notification Act. The Attorney General’s Office works with companies to protect consumers upon notification. To meet the increased volume and to provide efficiency in reporting, his office has now provided companies with the ability to file notice electronically via a web submission form on the New York State Attorney General’s office website here

“Data breaches are an escalating threat to our personal and national security, and companies need to do more to ensure reasonable security practices and best standards are in place to protect our most sensitive information,” said Attorney General Schneiderman. “I am committed to stemming the data breach tide.  Making notification to my office easier for companies who have experienced a data breach means quicker notification and quicker resolution for New York’s consumers.”

The office has received 459 data breach notices from the first of the year through May 2, 2016, as compared with 327 through the same time last year. In the year 2015 alone, the office received 809 data breach notices.  The office is expecting to receive well over 1000 notices for the year, a new record.

Companies may now notify the Attorney General’s Office of a data breach via a web submission form in order to expedite and streamline the process.  Previously, and consistent with most other state attorneys general offices, companies were required to mail, fax, or email a separate data breach form.

Last year, Attorney General Schneiderman proposed legislation in Albany to overhaul New York State’s data security law requiring new and unprecedented safeguards for the personal data of consumers. The bill would broaden the scope of information that companies would be responsible for protecting; requires stronger technical and physical security measures for protecting information; and creates a safe harbor for companies who meet certain security standards, incentivizing them to adopt additional measures to protect personal data.

In July 2014, Attorney General Schneiderman issued a report examining the growing number, complexity, and costs of data breaches in the New York State. Using information provided to the office pursuant to the New York State Information Security Breach & Notification Act, the report, titled "Information Exposed: Historical Examination of Data Security in New York State, analyzed eight years of security breach data and how it has impacted New Yorkers. The report revealed that the number of reported data security breaches in New York more than tripled between 2006 and 2013. In that same period, 22.8 million personal records of New Yorkers were exposed in nearly 5,000 data breaches, which cost the public and private sectors in New York upward of $1.37 billion in 2013. In addition, the report also found that hacking intrusions – in which third parties gain unauthorized access to data stored on a computer system – were the leading cause of data security breaches, accounting for roughly 40 percent of all breaches. Attorney General Schneiderman’s report also presented new recommendations on steps that both organizations and consumers can take to protect themselves from data loss.