With the recent release of the California Data Breach Report from the office of Attorney General Kamala D. Harris, the state of California is left reeling over the increase of data breach victims. In the year 2013, reported data breaches rose 28% over the prior year. The number of Californians’ affected by such data breaches increased by over 600%. The increase was due largely in part by the breach of the major retailer, Target. The Target breach involved the payment card data of 7.5 million Californians, and 41 million individuals, total. Harris made a call to action by stating, “Data breaches are a serious threat to Californians’ privacy, finances, and even their personal security. As California continues to lead the way in technological innovation, we must also continue to ensure that consumers and business are protected from cybercriminals and others who seek to profit from data breaches.”
Most of the data breaches that were reported to the Attorney General’s office were from the retail industry. The report states that the retail industry reported 26% of the total breaches, followed by finance and insurance with 20%, and health care with 15%. More than half of these breaches that took place in 2013 were caused by computer intrusions. Eighty four percent of the retail industry breaches were the result of malware and hacking.
As the numbers continue to rise, the report recommends that California retailers and financial institutions should:
- Move promptly to update their point-of-sale terminals so that they are chip-enabled and should install the software needed to operate this technology.
- Implement appropriate encryption solutions to devalue payment card data, including encrypting the data from the point of capture until completion of transaction authorization.
- Implement appropriate tokenization solutions to devalue payment card data, including in online and mobile transactions.
- Work together to protect debit cardholders in retailer breaches of unencrypted payment card data.
For retailers, financial institutions and any other consumer facing business that processes and stores sensitive consumer data such as credit card numbers, personal account numbers (PAN), personal identification information (PII), or personal health information (PHI),, a solution such as Voltage SecureData™ can be easily implemented to protect sensitive data at rest, in use, and in transit. It utilizes Voltage Format-Preserving EncryptionTM, Voltage Secure Stateless TokenizationTM, and Voltage Stateless Key Management to protect sensitive data. Voltage SecureData Enterprise is the only comprehensive data protection framework that secures data as it is captured, processed, and stored across devices, operating systems, and databases. It supports compliance regulations such as PCI DSS 3.0 and the Health Insurance Portability and Accountability Act (HIPAA).
For complete point-to-point encryption of retail payment transactions, Voltage offers Voltage SecureData Payments™which can be implemented with mobile and point of sale devices and existing, legacy payment processing systems.
Cardholder data is then protected or tokenized where it is stored, transmitted, or used. Voltage SecureData Payments renders sensitive information useless to unauthorized users and is a proven solution used by leading payment processors, retailers and financial institutions.
For card-not-present environments, such as e-commerce, Voltage offers Voltage SecureData Web™ providing protection from the browser through the payment processing stream. Voltage SecureData Web features the innovative Voltage Page-Integrated Encryption™ (PIE) technology.
This report sheds light on the threat that data breaches pose to California consumers and businesses. Since data breaches are continuing to increase it is crucial that consumers and businesses also increase their security and level of knowledge on cyber security. In the words of Attorney General Harris, “More needs to be done to fight the scourge of online data theft.”
For more information on Voltage solutions for breach protection, please go to www.voltage.com/breach.