The US data breach list, over a decade, shows a bleak image with billions of exposed files and financial losses of more than 1,6 trillions of dollars.
According to the hitherto known violations from 2008 to 2018 there were almost 9.700 violations in the United States, resulting in more than 10,7 billion entries, with an average loss cost estimated in 2018, at $ 148 per registration.
The information is based only on details published by state sources and multimedia reports. The numbers are likely to be conservative, as data disclosure laws vary from state to state. In fact, there are cases in which the notification of the persons whose data were exposed is not required.
"A security breach must not be reported to a customer if the company or public body finds that misuse of the information is not reasonably possible. Each finding must be documented in writing and kept for five years. - Law on the detection of security breaches of New Jersey.
The details were compiled by Comparitech researchers, who singled out violations by US state, to identify areas most affected by data breaches. The data includes both the results of the violations and the files that have been exposed.
According to the report, California is the US state with the most publicly documented violations, as it is a state where consumer privacy is taken seriously. 1.493 incidents involved 5,59 billion personal files.
It is worth noting that, the the law of that state requires submit a copy of the breach notice to the Attorney General if it affected more than 500 Californians.
In second place is the state of New York in the USA. Comparitech has identified 729 data breaches that have been publicly documented over the past decade. The files exposed in this way amounted to 293 million.
Texas is close by, with 661 events and 288 million records exposed. Most of the personal information came from unauthorized access in 2011 to 250 million email addresses and names managed by marketing company Epsilon. The company acknowledged the invasion.
As you can see, there is not always a balance between the number of files exposed and the number of violations. Oregon data show the state suffered at least 157 security incidents that exposed 1,37 billion records
Most of the email information came from a faulty backup in 2017 that hit a fake marketing company called River City Media (RVC). The MacKeeper researchers saidthat RVC was a spam factory "responsible for sending over one billion emails a day."
As previously mentioned, the data presented in Comparitech report are the minimum. Investigators agree that the actual numbers are higher as some breach reports do not reveal the number of files exposed. In addition, the information "may be below the threshold imposed by the state", or new information may appear later.
Comparitech provides one online document the complete list with US data breaches reported publicly for each state.