Over the past decade, California has had the highest number of data breaches and the greatest number of records exposed, according to new research from Comparitech.
In the new report, Protected: Which States Have the Most Data Breaches?, researchers analyzed data on the last 10 years’ worth of data breaches and found that California suffered the most data breaches, with New York and Texas following somewhat far behind.
Since 2008, there have been 1,493 data breaches in California, which have exposed approximately 5.6 billion records in total, the report said. New York saw less than half of that, with only 729 total breaches exposing 239 million records.
“Similar to California, New York is home to a huge number of companies with big, valuable databases. The total number of records exposed, however, isn’t as high as for some states with a fraction of the number of breaches,” the report said.
Though the second-largest state, Texas had the third-highest number of data breaches. Its totals trailed those of New York, with only 661 breaches that accounted for 288 million records exposed.
“The majority of records exposed through data breaches in Texas came out of the Epsilon breach in 2011. The email marketing firm leaked 50 million to 250 million email addresses and names. It worked with several big-name US retailers and financial companies like Kroger, Walgreens, Marriott Rewards, Capital One, and Citibank,” the report said.
While the entire US has suffered 9,696 data breaches since 2008, a handful of states – South Dakota, North Dakota, Wyoming, West Virginia and Hawaii – each had under 30 data breaches in total over the entire decade, according to the report. All told, those 9,696 breaches resulted in more than 10.7 billion records being exposed.
Even though Georgia had only 300 data breaches since 2008, “Georgia is home to what is possibly the most infamous data breach in history: Equifax. In May 2017, the Atlanta-based credit bureau announced a data breach involving 145.5 million Americans’ names, Social Security numbers, birth dates, addresses, and more. That doesn’t even include the non-Americans involved. Despite the breach having occurred more than two years ago, the data has yet to surface, leading some to believe it was a nation-state attack.”