(Reuters) – Cyber intrusions and other data breaches put the personal records of 18.5 million Californians, nearly half the state’s population, at risk in 2013, a seven-fold increase over the year before, the state attorney general reported on Tuesday.
The number of data breaches reported by companies and government entities increased 28 percent, from 131 in 2012 to 167 last year, more than half of them, or 53 percent, caused by cyber incursions such as computer hacking and malware, the report said.
The physical loss or theft of laptops and other devices containing unencrypted personal information accounted for 26 percent of the reported breaches last year, while the rest stemmed from unintentional errors and deliberate misuse.
The number of California residents whose personal information was compromised by breaches in data climbed sharply, from about 2.5 million in 2012 to roughly 18.5 million last year, the report said.
The bulk of that increase came from massive cyber intrusions of two large retail chains in 2013, Target Corp and LivingSocial, each of which compromised the personal data of 7.5 million Californians, according to the study.
Preliminary figures comparing the first 10 months of this year with the same period of 2013 show a 30 percent increase, pointing to a steady three-year trend suggesting the problem is on the rise, attorney general’s office spokesman Nick Pacilio said.
Other high-profile retail breaches reported last year include those of hardware giant Home Depot Inc, art supply chain Michaels Stores Inc [MSII.UL] and department store chain Neiman Marcus[NMRCUS.UL].
The first annual report on statewide data breaches in California was issued by Attorney General Kamala Harris in 2012.
“Data breaches pose a serious threat to the privacy, finances and personal security of California consumers,” Harris said in a statement, adding that the key to improved security lies in the greater use of encryption.
Harris urged consumers to scrutinize their bank and credit card accounts for suspicious transactions and to change both their passwords and user IDs in the event that a breach occurs.
Data breaches likely expose the personal information of more consumers in California, the most populous U.S. state, than in others, but state-to-state comparisons are difficult because California has by far the nation’s strictest reporting requirements, Pacilio said.
(Corrects first name of spokesman to Nick, from Mick, in paragraph 6)
(Reporting by Steve Gorman; Editing by Mohammad Zargham)