Cybersecurity

Data breaches in Massachusetts — by the numbers

Last year, over 2,400 breaches were reported in Massachusetts, impacting almost 7 million people

NBC Universal, Inc.

You’ve probably received at least one notification that your information has been compromised in a cyberattack. In Massachusetts, about 2 million people have had data compromised in 1,900 incidents disclosed to the state.

Chances are you've received at least one notification that your personal information was compromised in a data breach.

These cyberattacks are happening more frequently than not, impacting millions of Americans. That's why NBC Responds teams across the country have worked together to address the issue.

"I definitely think people are suffering from data breach fatigue," said Eva Velasquez, president and CEO of the Identity Theft Resource Center. "'Gosh, another one? What am I supposed to do now?'"

Data breaches are a growing danger that continues to put millions of people at risk. Not only do they threaten our privacy and security, they threaten that of the entire country.

At a Senate Subcommittee on Consumer Protection hearing this year, Sen. John Hickenlooper, D-Colo., said that 143 million people were affected by data breaches reported in 2023 by 10% of the country's largest companies.

If your information was leaked as part of a data breach, here are a few easy ways to protect your sensitive details.

According to the Consumer Financial Protection Bureau, complaints of data breaches and identity theft have increased in recent years, both nationally and in the commonwealth.

Last year, over 2,400 breaches were reported in Massachusetts. The number of residents impacted almost reached 7 million.

"Massachusetts has done a great job in terms of reporting data breach in the disclosure laws," said Jack Danahy, vice president of strategy at NuHarbor security. "I guess the thing for the individuals to recognize is that their accounts have probably already been stolen many times ... that's one of the harsh realities of this."

According to the latest data from the state, nearly 2 million Massachusetts residents have had their information compromised in 2024.

"Two million records have been stolen ... that could be 500,000 people stolen four times. So, it's hard to know for sure exactly where the data came from," Danahy said.

Our team analyzed the 1,900 breaches that have been disclosed so far. Of those, over 1,300 reported Social Security numbers being compromised, followed by financial accounts and drivers licenses. Health care and finance are the top two sectors that have reported a data breach in Massachusetts.

October is National Cybersecurity Awareness Month.

"I think that every organization, whether it's a vendor or a partner or a public institution, has to be super-transparent about what they know happened," said Danahy. "They should try to be as transparent as possible what they're going to do so it doesn't happen again."

Getting a data notice depends on where you live. In Massachusetts, a written or electronic notice must be sent "within a reasonable amount of time." However, that could take months.

"That number is reportedly still over 200 days. And then it takes on average 70 to 75 days for it to actually be reported. So, it's important that these companies do the forensics and understand what happened, why it happened and who's affected before they go out," said Michael Bruemmer, vice president of Global Data Breach Resolution and Consumer Protection at Experian.

Experts say it's not about if you become a victim, but when.

What to do before hackers strike:

  • Freeze your credit at the big three credit agencies. This will prevent criminals from taking out anything in your name.
  • Keep an eye on your free weekly credit reports, credit score and credit card statements for any unauthorized charges.
  • Get rid of old accounts you don't use. Having too many digital accounts can increase the risk of your data being misused or stolen.
  • "Keep an eye on your email. Keep an eye on your physical mail. If you're getting a letter from a bank or a registry of deeds or what have you that you're not expecting, don't necessarily assume that it's junk mail. It could be the notification of something that's being done in your name that isn't you," Danahy said.
Cybersecurity experts have warned Americans against hacking, phishing, now quishing schemes. Here’s what you need to know about the latest tactic scammers use to steal your information.
Exit mobile version