The list of violations data in the US, within a decade, shows a bleak picture with billions of exposed records and financial losses of more than $1,6 trillion.
According to the hitherto known violations from 2008 to 2018 there were almost 9.700 violations in the United States, resulting in more than 10,7 billion entries, with an average loss cost estimated in 2018, at $ 148 per registration.
The information based only on details released by government sources and media reports. The numbers are likely conservative, as data disclosure laws vary from state to state in the US. There are even cases in which it is not required to notify the persons whose data has been exposed.
"A security breach must not be reported to a customer if the company or public body finds that misuse of the information is not reasonably possible. Each finding must be documented in writing and kept for five years. - Law on the detection of security breaches of New Jersey.
The details were compiled by researchers at Comparitech, who broke down the breaches by state in the US to identify the areas most affected by data breaches. The data includes both the Results of violations as well as the records exposed.
According to the report, California is the US state with the most publicly documented violations, as it is a state where consumer privacy is taken seriously. 1.493 incidents involved 5,59 billion personal files.
It is worth noting that, the the law of that state requires submit a copy of the breach notice to the Attorney General if it affected more than 500 Californians.
In second place is the state of New York in the USA. Comparitech has identified 729 data breaches that have been publicly documented over the past decade. The files exposed in this way amounted to 293 million.
Close behind is Texas, with 661 events and 288 million records exposed. Most personal information came from unauthorized access in 2011, to 250 million email addresses post officey and names managed by Epsilon trading company. The company acknowledged the invasion.
As you can see, there is not always a balance between the number of files exposed and the number of violations. Oregon data show the state suffered at least 157 security incidents that exposed 1,37 billion records
Most of the email information came from a faulty backup security in 2017 that hit a fake marketing company called River City Media (RVC). The MacKeeper researchers saidthat RVC was a spam factory "responsible for sending over one billion emails a day."
As previously mentioned, the data presented in Comparitech report are the minimum. Investigators agree that the actual numbers are higher as some breach reports do not reveal the number of files exposed. In addition, the information "may be below the threshold imposed by the state", or new information may appear later.
Comparitech provides one online document the complete list with US data breaches reported publicly for each state.