Proper encryption could have prevented Massachusetts’ high number of identity theft reports
Since October of 2007, Massachusetts has been diligent about requiring banks, businesses, hospitals and other companies to alert the state when vital information belonging to MA residents is stolen or lost. Forty-five other states have the same requirement. MA decided to jump on the bandwagon after a large breach occurred within TJX Companies (think Marshalls and TJ Maxx). Oftentimes, these breaches occur through unsecured networks linked to credit card processing services.
Sadly, nearly half of Massachusetts’ residents (approximately 3.2 million) have had their personal information stolen or lost within the past four years. This is confirmed by a report released by Massachusetts’ Office of Consumer Affairs and Business Regulation.
Financial institutions were hit the hardest by security breaches due to improper encryption. According to the report, there were 955 incidents reported over the past four years, which exposed the personal information of 901,156 people. Typically, the breaches came when people tried to use their credit cards at retail institutions. The health care industry was also hit pretty hard, with 214 breaches that exposed the information of an even larger number of people: 983,746. One breach in particular, at South Shore Hospital in Weymouth, Massachusetts, accounted for the majority of those records: 800,000 records were compromised there in 2010.
The saddest part of this situation is that, given the regulations the state has mandated, all of this could have been avoided. Most of the companies attacked were not PCI compliant and had not followed proper encryption guidelines. If the devices transmitting their information (such as wireless mobile credit card processing units) had been encrypted, it could have saved at least 47% of the victims the trouble of having to reclaim their identity. That’s almost 1.5 million people.