Has your data been breached? Reporting requirements vary by state, angry clients and lawyers – NBC Chicago

Editor’s Note: NBC 5 has created a searchable database for Illinois consumers to check and see if the industries they interact with on a daily basis have been breached over the past two years (scroll below- below or click here to use).

This is a persistent threat that consumers face all over the world, and one that often starts with hearing two scary words: data breach.

From the retailers we buy from, to the hospitals, schools, and government agencies we interact with, our Personally Identifiable Information is in many hands these days, it’s annoying when it slips through the fingers of a business and into the palms of the people. pirates or thieves.

But trying to calculate how often Illinois is victimized can be a difficult task.

Although the state of Illinois has laws in place requiring all parties to notify the attorney general’s office if an Illinois’ information has been compromised, the state – like the majority in the United States – does not publish. not these notifications for the public to see. .

But after filing a Freedom of Information Act (FOIA) request for all data breach notifications sent to the state over the past two years, NBC 5 Responds went ahead and did exactly that.

The database is similar to notifications that neighboring states of Illinois, Wisconsin, Iowa, and Indiana already publish regularly to inform the public. (The Illinois AG office said it is exploring ways to do so in the future, but for now, the information is available to anyone who makes a formal request.)

The records have brought to light an urgent statistic: Illinoisians have had their Personally Identifiable Information (PII) exposed or stolen more than 5.5 million times in the past two years.

This averages out to nearly one in two Illinois residents whose information has been hacked since 2020. (Depending on how data breach notifications are reported to the state, it’s impossible to know if the number number of victims includes people whose data has been hacked multiple times.)

The number of victims whose personal information has been compromised is likely to increase.

There are so many data breach notifications sent to the Attorney General’s office every year that NBC 5 Responds only received a third of the notification tapes we requested in August.

But with so many people at risk of having their information stolen, what are businesses and governments doing to protect consumers? And what can you do to protect yourself?

“I’ve had enough.”

Carolina Barrera is one of 5.5 million Illinois struggling with daily anxiety after learning that her Personally Identifiable Information has been breached.

The company responsible for securing this information? Its mobile operator: T-Mobile.

So when Barrera learned that his information had been swept up in the most recent massive hack of T-Mobile’s customer database, his stress was eclipsed by his anger.

This was the number five breach for the wireless service provider in the past four years.

Barrera said that because of this, she did not accept the company’s explanation that a “bad actor illegally accessed unencrypted personal information,” according to the company’s notice to the attorney general’s office. from Illinois.

“A ‘very bad actor’?” Barrera said.[T-Mobile] sent this ridiculous statement. And that’s what made me crazier than anything. “

Carolina Barrera’s personal information was hacked after a cyberattack in August on her phone operator, T-Mobile.

This bad actor racked up a huge score: names, social security numbers and other PIIs from nearly 50 million customers, according to the company’s press release.

“They’ve been hacked quite a bit!” Barrera said. “And they’re supposed to be one of the safest, like the ads say? I don’t think so.”

T-Mobile did not respond to NBC 5 Responds’ request for comment, but the company is by no means the only one.

It was one of 230 companies or institutions that informed the AG’s office of a violation identified in our review of files.

Among the disclosures to the state, some victims disclosed many details.

Like the notification sent by Paddock Publications on January 5, 2021, informing the State that more than 18,000 of its customers were concerned.

Paddock’s notification included details of when staff first identified the problem in their IT systems, the steps they took to further investigate and copies of the notices they were sending to their customers. that were affected.

But other notifications to the state are brief in nature, such as T-Mobile’s August 17 disclosure for its latest data breach.

The different levels of detail provided for each violation made it difficult for those trying to understand the extent of the problem to understand the extent of the problem.

“We are trying to complete a puzzle with more than half of the missing pieces.

NBC 5 Responds surveyed the country to see how many states are issuing data breach disclosures in the ordinary course of business. The total number: 18 states, including Wisconsin, Indiana, and Iowa.

NBC 5 Responds found that 18 states regularly publish information about data breaches affecting their residents.

The fact that less than half of the country publishes this information is mind-boggling to Privacy Rights Clearinghouse, a nonprofit that has been focusing on consumer rights and privacy issues since 1992.

Emory Roane, an attorney for Privacy Rights Clearinghouse, said Illinois is among states that could do more to better educate consumers about these violations.

“I would, unfortunately, like to point out Illinois because it’s quite remarkable how little information your state is sharing,” Roane said. “It’s surprisingly difficult, unbelievably difficult, to get reliable information about the real data breach landscape in the United States.”

Roane points out that there is no federal data breach law or standard for businesses and institutions to follow, meaning that companies’ requirements for notifying customers of a breach vary from ‘state to state.

“There is no federal standard for data breach,” Roane said. “Instead, there are 50 individual laws that vary widely.”

The Illinois attorney general’s office told NBC 5 Responds that the data breach notifications it receives under the law are available to anyone who requests them. In the meantime, the office said it was exploring options for posting this information online in the future.

But in the meantime, NBC 5 Responds is doing just that.

Our team has compiled a list of all the data breaches disclosed in our ongoing Freedom of Information Act request. So far, the team has only received a third of the requested records for 2020 and 2021.

To use the database, find the name of the company, hospital or school you do business with and see if they have reported a violation in the past two years.

Search the table below or click here.

Tools to better inform consumers of potential risks to their personal information should be more readily available and needed, Roane said.

“Data breach notification is one of those areas where we should see a single federal standard. Absolutely, ”Roane said. “It’s a shame, a shame.”

Victims like Carolina Barrera agree. Although T-Mobile has said it offers those affected by its credit monitoring services without data breaches, Barrera believes T-Mobile has given it back the responsibility of monitoring crucial personal information it did not have. .

“I do their job, which is basically what I do,” Barrera said. “And I have to protect myself obviously because they just don’t care about me. Looks like they don’t care.

How to protect yourself from a data breach

There are ways for consumers to protect themselves, given the frequency of businesses experiencing data breaches.

Here are some recommendations from NBC News to prevent your information from being compromised:

  • Always use a unique, strong password for each account or website. So, if a business breach occurs, it doesn’t affect all of your accounts. If you have too many passwords to remember, use a password manager.
  • Use multi-factor authentication. If an account password is breached, Multi-Factor Authentication adds another layer of protection before hackers can gain access to your accounts.
  • Keep an eye on your financial accounts: Set up notifications or security alerts on bank accounts so you know when transactions are taking place.
  • The “haveibeenpwned” website will tell you if your email address or phone number has been exposed in a data breach. To test it, click here.
  • If you’ve been the victim of a data breach that stole your Social Security number or financial / banking information, freezing your credit may prevent thieves from gaining access to your line of credit. But keep in mind that if you use this option, you will need to unfreeze your credit if you plan to apply for a credit card, loan, or anything else that references your credit history.
Source link