Attorney General Bob Ferguson has released his ninth annual data breach report, revealing a record number of breaches in Washington. The report indicates that over 11.6 million data breach notices were sent to residents this year, surpassing the state's population for the first time. This figure marks an increase from last year's 4.8 million notices and exceeds the previous high of 2021 by five million.
The report highlights that there were 279 data breaches affecting at least 500 Washingtonians, a significant rise from the 178 reported last year. Only in 2021 was this number higher, with 286 breaches reported. Smaller breaches affecting fewer than 500 individuals do not require notification to the Attorney General.
Ferguson emphasized the importance of awareness regarding data breaches: "The more people know about data breaches, the more they can protect themselves," he stated. He added that the report offers recommendations for addressing this growing issue and serves as a resource for those seeking to safeguard their personal information.
Cyberattacks remain prevalent, particularly ransomware attacks, which accounted for 78% of all reported breaches this year, up from 68% in 2023. Ransomware attacks comprised over half of all cyberattacks and more than a third of total breaches. These attacks involve encrypting an organization's data and demanding payment for its release.
The rise in affected individuals is partly attributed to two major incidents involving Comcast and Fred Hutchinson Cancer Center, marking the first occurrence of multiple mega breaches—affecting over a million people each—in one year.
Social Security numbers were compromised in over two-thirds (69.5%) of all breaches, maintaining their status as one of the most frequently compromised pieces of personal information since 2016.
The report provides resources and best practices for businesses facing cyberattacks and individuals impacted by data breaches. It also offers strategies to reduce breach risks.
Despite no legislative mandate or funding, Ferguson's office publishes this report as a public service based on notifications received between July 24, 2023, and July 23, 2024.
In recent years, legislative efforts have strengthened Washington's data protection laws. In 2019, Ferguson advocated for legislation enhancing notification requirements following a breach. In collaboration with Rep. Vandana Slatter in 2023, he supported House Bill 1155 to bolster health data privacy protections under the My Health My Data Act.
The latest report includes policy recommendations aimed at further protecting residents' data and reducing associated risks.
For additional details on past reports and guidance on protecting private information, visit the Attorney General’s Data Breach Resource Center at atg.wa.gov/data-breach-resource-center.