In the third annual data breach report, Attorney General Bob Ferguson stated that around 3.4 million residents of Washington fell victim to data breaches between July 2017 and July 2018 and the number keeps rising.
Out of the three categories that Ferguson defined—malicious cyber-attacks, theft or mistake, and unauthorized access—malicious cyber-attacks are the leading cause of data breaches affecting Washington residents.
“Data breaches are a significant threat to Washington individuals and businesses. For the second straight year, the number of Washingtonians impacted by data breaches increased, with nearly 3.4 million Washingtonians affected in 2018. This represents a 26% increase compared to 2017 and more than 700% compared to 2016,” Ferguson stated in its report.
Further, the report also identified deficiencies in Washington state’s data breach notification law and suggested ways to strengthen the same. “The number of Washingtonians impacted by data breaches increased for the second consecutive year. We must strengthen our law to help Washingtonians secure their sensitive information,” Ferguson added.
Some recommendations to toughen Washington’s data breach notification law were:
- Reduction in the deadline for notifying affected individuals and the Attorney General’s Office to 30 days after discovery of a breach
- A preliminary notification to the Attorney General’s Office within ten days after the breach’s discovery
- Expansion of the legal definition of personally identifiable information to include full dates of birth, usernames in combination with passwords, digital signatures, DNA profiles or other forms of biometric data
- Obligation for entities to provide information about the timeline of a breach in their notices to affected individuals and the Attorney General’s Office