North Carolina Attorney General Josh Stein released a report on Thursday that highlights the impact of data breaches on the state in 2018, and paired the report with a bipartisan bill to strengthen breach notifications to include ransomware attacks.
Stein, a Democrat, and N.C. House Rep. Jason Saine, a Republican, introduced a bill to expand the definition of breach to include ransomware attacks, and to tighten breach notification rules. Under the new bill, organizations would have to report ransomware attacks to affected individuals and the state attorney general’s office within 30 days. The bill also would require businesses that own or license personal information to have “reasonable security procedure and practices.”
On the consumer side, the bill reduces the notification window for breaches to 30 days, allows people to freeze their credit cards for free, monitor their credit for free for four years if a consumer reporting agency like Equifax suffers a breach, and requires companies to obtain consent when seeking credit scores.
“North Carolina’s laws on this issue are strong–but they need to be even stronger. Rep. Jason Saine and I want to do everything we can to keep people’s personal information safe,” said Stein.
“Over the last year, we have spent numerous hours working with citizen advocates – like AARP, the Attorney General’s Office, and the North Carolina business community, to ensure that this bill will create strong protections for North Carolina’s citizens’ data,” said Saine. “We are strongly committed to getting this right, and creating a strong framework for protecting our most personal information.”
In conjunction with the bill, Stein’s office released the North Carolina Data Breach Report, which notes that organizations reported more than 1,057 data breaches to the attorney general’s office in 2018, affecting more than 1.9 million residents in North Carolina, a state with just over 10 million people. While the number of people impacted by data breaches fell from 5.3 million in 2017 (a number buoyed by the Equifax breach), the state reported an increase in the total number of breaches.
Diving into the details, nearly 45 percent of breaches were the result of hacking, while 26 percent were attributed to phishing, and 17 percent to accidental release. Hacking saw a decline from 2017, while phishing saw the most growth among categories, growing by 11 percent.