TRENTON – Attorney General Christopher S. Porrino and the New Jersey State Police today announced that 676 data breaches were reported to the State Police in 2016 affecting more than 116,000 New Jersey account holders. October is National Cybersecurity Month, and the announcement – the first release of annual statistics on data breaches in the state – was made as New Jersey offered advice and resources to residents to protect their sensitive personal information. The Attorney General’s Office also highlighted legal actions taken this year by the Division of Law and Division of Consumer Affairs to address data breaches.
“Doing business online and on our devices has become so routine that it’s easy to let our guard down. But as these statistics on data breaches highlight, it’s critical that we protect our sensitive personal information from the many who seek to access it for harmful ends,” said Attorney General Christopher Porrino. “The internet touches almost all aspects of our daily life, whether we realize it or not, and Cyber Security Awareness Month is a good time to examine whether our accounts are secure. I urge everyone to take advantage of the great resources New Jersey offers in this area.”
To assist in tackling these security challenges, the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) acts as the state’s one-stop shop for cybersecurity information sharing, threat analysis, and incident reporting. Located at the State Police Regional Operations Intelligence Center (ROIC), the NJCCIC brings together analysts and engineers to promote statewide awareness of cyber threats and widespread adoption of best practices.
“Our mission is to help make NJ more resilient to cyber attacks. We encourage all NJ residents and businesses to reach out to the NJCCIC for advice, to subscribe to our alerts, and to report incidents via our website – www.cyber.nj.gov,” said Michael Geraghty, Director of the NJCCIC.
“The statistics compiled present a sobering picture of the challenges that face us when it comes to cyber security,” said Sharon Joyce, Acting Director of the Division of Consumer Affairs. “We urge citizens to use the resources available through the Division of Consumer Affairs in order to protect themselves and their loved ones from identity theft and other forms of cybercrime. In addition, the Division remains committed to protecting consumers from those companies that fail to safeguard or improperly gather personal information.”
The information released by the Attorney General’s Office and the State Police details data breaches in New Jersey occurring in 2016. Data breaches involve the unauthorized access to personal information, which may include a person’s first and last name linked with a social security number, driver’s license number, or account, debit, or credit card number. Under New Jersey law, any business that operates in New Jersey or any public entity that compiles or maintains computerized records that include personal information must disclose any breach of security to customers who are New Jersey residents and whose personal information was or believed to have been accessed by an unauthorized person.
The business sectors most often involved with breaches include finance/banking, health services followed by business services and retail trade. Other areas include education, restaurant, industrial/manufacturing, hotels, non-profits, non-medical insurance, and telecommunications, among others.
The methods used to breach security were led by phishing, a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, instant message or other communication channels, and hacking. Website malware, employee incident, unauthorized email access and ransomware were also utilized.
The New Jersey Attorney General’s Office, through the Division of Law and the Division of Consumer Affairs, has taken action this year in the following cases to protect consumers
The NJCCIC this month launched a statewide campaign
“2FA for New Jersey” or “#2FA4NJ” – to promote awareness of two-factor authentication (2FA). From securing email accounts to remote access tools and online banking, 2FA is a simple but highly effective best practice for protecting against identity theft and bolstering privacy. For more information, visit the NJCCIC website: www.cyber.nj.gov. The website allows individuals to directly report data breaches or cyber incidents, and allows residents to register to receive alerts, advisories, bulletins and training information.
The Division of Consumer Affairs has also engaged in the following outreach:
The Division of Consumer Affairs offers the following Tips to Consumers:
Avoid clicking on e-mail links or attachments from unknown individuals, financial institutions, computer services or government agencies. To check out the message, go to the sender`s legitimate public website, and use the contact information provided.
Adjust device privacy settings to control sharing of data between applications, software and address books.
Choose a strong password containing letters, numbers and symbols. If a website offers two-factor authentication security, use it.
To protect your device from unauthorized access and malware software, install security software, often available from your internet provider, and ensure that firewall and anti-virus protections are updated continually.
Before disposing of any electronic device, wipe the hard drive using specialized software that will overwrite your information; or donate the device to a certified recycling facility that follows government standards for the destruction of data.
Avoid free Wi-Fi, especially for health, financial, and other personal transactions.
Under federal law, consumers can get three free credit reports per year through www.annualcreditreport.com. New Jersey law entitles consumers to an additional three free credit reports annually – one from each of the national credit reporting agencies. Scrupulous checking of credit reports, bank and credit card statements, and subscription services can catch identity theft at its earliest stages.
New Jersey Division of Consumer Affairs, Office of Consumer Protection, Cyber Fraud Unit
New Jersey Cybersecurity and Communications Integration Cell (NJCCIC)
New Jersey State Police Cyber Crimes Unit
Federal Communications Commission Cyberplanner
U.S. Department of Health and Human Services – HIPAA for Professionals
United States Small Business Administration’s “Cybersecurity for Small Businesses” training
American Institute of CPAs – Cybersecurity Resource Center
United States Computer Emergency Readiness Team
United States Department of Homeland Security, Cyber Security Division
National Cybersecurity and Communications Integration Center
Free Annual Credit Report Website Authorized by Federal Law
U.S. Department of Health and Human Services – HIPAA for Individuals
Follow the New Jersey Attorney General’s Office online at Twitter, Facebook, Instagram & YouTube. The social media links provided are for reference only. The New Jersey Attorney General’s Office does not endorse any non-governmental websites, companies or applications.