Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:00 AM
Dark Reading
Dark Reading
Products and Releases


Between 2006 and 2013, Number of Data Security Breaches Reported to NY Attorney General Tripled, Exposing 22.8 Million Personal Records

Washington, D.C. - U.S. Senator Kirsten Gillibrand today introduced two bipartisan bills to better prepare businesses and protect consumers against cyber security attacks and dangerous data breaches. In New York State alone, the number of data security breaches reported to the Attorney General tripled between 2006 and 2013, exposing a total of 22.8 million personal records. The Cybersecurity Information Sharing Credit Act introduced with Senator Jim Moran (R-KA) and the Data Breach Notification and Punishing Cyber Criminals Act introduced with Senator Mark Kirk (R-IL) would establish a comprehensive, national approach to defending against 21st century data threats.

“Hackers have put consumers and businesses in their crosshairs, and have shown they can easily access confidential information we trust can and should remain private. It’s time to improve our security and establish standards that better protect consumers in New York and across the country,” said Senator Gillibrand. “This legislation is an important first step toward a national solution and opportunity to address our vulnerabilities, strengthening defenses against emerging data breaches, taking necessary safeguards to help victims and prosecuting perpetrators of these attacks.”

“Consumers and businesses face constant and evolving threats from cyber criminals who seeks to do us harm. When it comes to detecting and preempting these threats and protecting American consumers from identity theft and financial fraud, information sharing within trusted industry networks has proven to be a valuable tool across numerous sectors of our economy,” said Senator Moran. “The Cyber Information Sharing Tax Credit Act will make participation in these vital ISACs more accessible for all companies, especially those who may not fully understand their risk of cyber-attack or who would not otherwise have the resources to participate in an information sharing organization. As more industries and businesses participate, these networks will help businesses understand and improve their cyber posture and ensure the timely dissemination of information on emerging and increasingly sophisticated cyber threats.”  

“Last year there were more than 780 data breach incidents that exposed millions of Americans’ credit card numbers and personal information like medical history and Social Security numbers,” Senator Kirk said. “By creating a low-cost, easy to implement standard for companies to notify consumers when personal information is stolen and increasing penalties on cyber criminals, we can stay ahead of the hackers and better protect Americans from cyber crimes.”

“Consumers are at a greater risk of hackers stealing their personal information than ever before,” said New York Attorney General Eric Schneiderman. “A national, comprehensive strategy to protect corporations, families and businesses from data breaches is long overdue. I applaud Senator Gillibrand for backing an important tool in stopping future attacks

The Cybersecurity Information Sharing Credit Act would give businesses a tax credit for sharing information about cyber threats with other related businesses. The bill would establish a network of industry-specific groups called Information Sharing and Analysis Centers (ISAC), which would monitor and disrupt cyber-attacks for businesses. ISACs addresses security vulnerabilities through a singular point of response to cyber threats to one business or an entire industry. The refundable credit allows businesses the opportunity to upgrade their online defenses and participate in an information sharing network without high upfront costs. The credit covers expenses including payment to participate in an ISAC.

The Data Breach Notification and Punishing Cyber Criminals Act sets a stronger standard for companies to notify in their data has been breached, and increases penalties for cybercrimes. The bill raises the maximum allowable fines and imprisonment for many of the statutes which cyber criminals are charged: identity theft, conspiracy to commit access device fraud, obtaining information from a protected computer without authorization and computer hacking with intent to defraud. It requires consumers to receive notification within 30 days of discovery of data breaches with a description of information potentially accessed, how to inquire about what personal information was breached, and how the information was unlawfully acquired. There will be a new directive for diplomats at the State Department for apprehending and prosecuting cyber criminals as a top priority in ongoing negotiations in countries that do not have an extradition with United States.

The number of data security breaches reported annually to the New York Attorney General more than tripled between 2006 and 2013. Approximately 5,000 separate data breaches were reported in that period by businesses, nonprofits, and government entities, exposing a combined 22.8 million personal records of New Yorkers.  An unprecedented 7.3 million records exposed in 2013 alone, costing organizations doing business in New York more than $1.37 billion. Since 2006, 241 institutions reported at least three security breaches and five of the ten largest breaches occurred since 2011. At the end of 2014 leading into 2015, there were several high profile data breaches, surpassing normal financial data such as credit cards and pin numbers. Last December, corporate emails, films and personal data were leaked from Sony Pictures. This past February, Anthem Inc. lost millions of customer data including: social security numbers, birthdays, medical IDs and personal addresses.


Recommended Reading:

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-12
The Fatek Automation WinProladder Versions 3.3 and prior are vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code.
PUBLISHED: 2021-04-12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
PUBLISHED: 2021-04-12
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
PUBLISHED: 2021-04-12
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
PUBLISHED: 2021-04-12
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.