Dark Reading
Products and Releases


Between 2006 and 2013, Number of Data Security Breaches Reported to NY Attorney General Tripled, Exposing 22.8 Million Personal Records

Washington, D.C. - U.S. Senator Kirsten Gillibrand today introduced two bipartisan bills to better prepare businesses and protect consumers against cyber security attacks and dangerous data breaches. In New York State alone, the number of data security breaches reported to the Attorney General tripled between 2006 and 2013, exposing a total of 22.8 million personal records. The Cybersecurity Information Sharing Credit Act introduced with Senator Jim Moran (R-KA) and the Data Breach Notification and Punishing Cyber Criminals Act introduced with Senator Mark Kirk (R-IL) would establish a comprehensive, national approach to defending against 21st century data threats.

“Hackers have put consumers and businesses in their crosshairs, and have shown they can easily access confidential information we trust can and should remain private. It’s time to improve our security and establish standards that better protect consumers in New York and across the country,” said Senator Gillibrand. “This legislation is an important first step toward a national solution and opportunity to address our vulnerabilities, strengthening defenses against emerging data breaches, taking necessary safeguards to help victims and prosecuting perpetrators of these attacks.”

“Consumers and businesses face constant and evolving threats from cyber criminals who seek to do us harm. When it comes to detecting and preempting these threats and protecting American consumers from identity theft and financial fraud, information sharing within trusted industry networks has proven to be a valuable tool across numerous sectors of our economy,” said Senator Moran. “The Cyber Information Sharing Tax Credit Act will make participation in these vital ISACs more accessible for all companies, especially those who may not fully understand their risk of cyber-attack or who would not otherwise have the resources to participate in an information sharing organization. As more industries and businesses participate, these networks will help businesses understand and improve their cyber posture and ensure the timely dissemination of information on emerging and increasingly sophisticated cyber threats.”

“Last year there were more than 780 data breach incidents that exposed millions of Americans’ credit card numbers and personal information like medical history and Social Security numbers,” Senator Kirk said. “By creating a low-cost, easy to implement standard for companies to notify consumers when personal information is stolen and increasing penalties on cyber criminals, we can stay ahead of the hackers and better protect Americans from cyber crimes.”

“Consumers are at a greater risk of hackers stealing their personal information than ever before,” said New York Attorney General Eric Schneiderman. “A national, comprehensive strategy to protect corporations, families and businesses from data breaches is long overdue. I applaud Senator Gillibrand for backing an important tool in stopping future attacks

The Cybersecurity Information Sharing Credit Act would give businesses a tax credit for sharing information about cyber threats with other related businesses. The bill would establish a network of industry-specific groups called Information Sharing and Analysis Centers (ISACs), which would monitor and disrupt cyber-attacks for businesses. ISACs address security vulnerabilities through a single point of response to cyber threats against one business or an entire industry. The refundable credit gives businesses the opportunity to upgrade their online defenses and participate in an information sharing network without high upfront costs. The credit covers expenses including payment to participate in an ISAC.

The Data Breach Notification and Punishing Cyber Criminals Act sets a stronger standard for companies to notify if their data has been breached, and increases penalties for cybercrimes. The bill raises the maximum allowable fines and imprisonment for many of the statutes under which cyber criminals are charged: identity theft, conspiracy to commit access device fraud, obtaining information from a protected computer without authorization and computer hacking with intent to defraud. It requires consumers to receive notification within 30 days of discovery of data breaches with a description of information potentially accessed, how to inquire about what personal information was breached, and how the information was unlawfully acquired. There will be a new directive for diplomats at the State Department to make apprehending and prosecuting cyber criminals a top priority in ongoing negotiations with countries that do not have an extradition treaty with the United States.

The number of data security breaches reported annually to the New York Attorney General more than tripled between 2006 and 2013. Approximately 5,000 separate data breaches were reported in that period by businesses, nonprofits, and government entities, exposing a combined 22.8 million personal records of New Yorkers. An unprecedented 7.3 million records were exposed in 2013 alone, costing organizations doing business in New York more than $1.37 billion. Since 2006, 241 institutions reported at least three security breaches, and five of the ten largest breaches occurred since 2011. At the end of 2014 leading into 2015, there were several high-profile data breaches that went beyond the usual financial data such as credit card and PIN numbers. Last December, corporate emails, films and personal data were leaked from Sony Pictures. This past February, Anthem Inc. lost millions of customer records, including Social Security numbers, birthdays, medical IDs and personal addresses.

