A new analysis of 10 years’ worth of figures on data breaches reveals that California by far holds the dubious distinction of suffering the most breaches as well as leaking the most records. Meanwhile, a Florida city has agreed to pay hackers about $600,000 in Bitcoin to be released from ransomware that gummed up its online systems.
New York is number 2 in the ranking of states by breaches, with Texas, Florida, and Georgia placing third, fourth, and fifth, according to the analysis by Comparitech, a United Kingdom-based research firm.
The data also reveals that 2017 was a record year for breaches in the United States, at 1,683, though the number fell in 2018 to 1,237, a 27% drop. Breaches so far this year have totaled 454, according to Comparitech’s data.
Since 2008, California has sustained 1,493 breaches that yielded 5.59 billion records, Comparitech reported. New York isn’t even close, with 729 breaches in which perpetrators accessed 293 million records.
As the analysis points out, both states are home to large companies with significant storehouses of digital data. However, some states gave up more records on a smaller number of intrusions. Maryland, for example, has sustained 236 breaches but yielded 388 million records. Oregon’s total has come to 1.37 billion records on 152 incidents, but Comparitech notes that most of these records were exposed in a single breach, that of River City Media in 2017.
The firm’s primary data sources were the Privacy Rights Clearinghouse and the Identity Theft Resource Center. It assigned breaches to the states where the records were exposed, but in some cases an intrusion was allocated to the state where the victim was headquartered, as the incident involved several states.
For breaches that were “U.S.-wide,” Comparitech says, it assigned the incidents to a national category. This U.S. category shows 20 breaches accounting for a whopping 1.19 billion records. The study covers data from 2008 through 2019 to date.
In other data-security news, the City Council of Riviera Beach, Fla., a town of about 35,000 just north of West Palm Beach, on Monday authorized its insurer to pay a fraudster’s demand for 65 Bitcoin, worth about $600,000, to be released from ransomware that paralyzed the city’s computer system, The Palm Beach Post reported. The ransomware became active after an employee in the Police Department downloaded an infected email attachment May 29, the newspaper said.
The ransomware affected numerous city operations, including email, telephones, and water-pumping stations. Online payments of city bills became impossible. Many of the affected systems were again operating early this week. The attack prompted the city to fast-track a planned computer upgrade, the Post said.
Other cities have been hit by ransomware attacks, with some of the most serious happening in Baltimore and Atlanta. Many cities struggle with how to manage ransomware-induced crises when they happen, says Trace Fooshee, a senior fraud analyst at Boston-based research firm Aite Group LLC.
“I’d point to what happened with Baltimore as an example,” Fooshee tells Digital Transactions News by email. “Several of their systems were hijacked by a ransomware attack that demanded less than $100,000 in Bitcoin. In the weeks it took for city officials to devise a plan for managing the crisis they put the city at risk of losing almost $19 million in revenue.”
—With additional reporting by Jim Daly