TRENTON – In an effort to educate the public about online privacy risks, Attorney General Gurbir S. Grewal and the New Jersey State Police today announced 2017 statistics regarding data breaches affecting New Jersey residents. The statistics showed that 958 data breaches were reported to State Police in 2017, a 41 percent increase from the 676 breaches reported to State Police in 2016. During 2017, the Attorney General’s Office also over saw a number of significant data privacy investigations, which resulted in $4.8 million in civil settlements with the State.

The single largest data breach reported in 2017 involved Equifax, which affected more than 4 million New Jersey residents. In total, the 958 breaches reported in 2017 affected more than 4.38 million accounts belonging to New Jersey residents( the vast majority of which resulted from the Equifax breach). In 2016, the first year that the Attorney General’s Office collected such data, approximately 116,000 New Jersey account holders were affected by data breaches.

As part of today’s announcement, and in conjunction with National Cybersecurity Month, the Division of Consumer Affairs (DCA) is also releasing tips for New Jersey residents about how they can better protect their sensitive personal information. The effort is part of a broader effort by Attorney General Grewal to strengthen the state’s cybersecurity protections, and follows an announcement earlier this year the creation of a Data Privacy & Cybersecurity Section within the Division of Law (DOL) to investigate data privacy cases and advise state agencies on related matters.
“As more of our daily activities take place online and on our devices, we must be increasingly vigilant to protect our personal information.” said Attorney General Grewal. “Cybersecurity Awareness Month reminds us to take an extra look at our accounts. I encourage everyone to review the tips for keeping yourself and your information safe and to report any activity that seems suspicious.”

"We want New Jersey residents to take the time to view the security of their online accounts as they would the security of their homes and vehicles," said Colonel Patrick Callahan of the New Jersey State Police. "As our public safety and homeland security missions evolve, so too will the troopers tasked with investigating and preventing crime whether it is on land, water, air, or on the internet."

The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) is the state’s one-stop shop for cybersecurity information sharing, threat analysis, and incident reporting. Located at the State Police Regional Operations Intelligence Center (ROIC), the NJCCIC brings together analysts and engineers to promote statewide awareness of cyber threats and widespread adoption of best practices.

“In today’s digital economy, it’s difficult, if not impossible for consumers to avoid having their personal information end up stored in multiple databases,” said, Paul R. Rodríguez, Acting Director of the Division of Consumer Affairs. “Consumers must become their own first line of defense against identity theft and other cyber-crimes. As the Division continues to protect consumers by vigilantly enforcing laws requiring companies to secure the data they collect, we encourage consumers to visit our website for tips on safeguarding their personal information online and to immediately file complaints against cyber predators.

“The world is becoming increasingly interconnected by the minute. Our computers, phones, refrigerators, and televisions all connect to the internet. Cybersecurity has become a major priority, which is why the NJCCIC is such a critical component of NJOHSP,” said Jared Maples, Director of the New Jersey Office of Homeland Security and Preparedness. “People that interact with these connected devices are often the first line of defense in cybersecurity. However, it also means they are the biggest vulnerability. As a result, cybersecurity is everyone’s responsibility. Training and general cybersecurity awareness is imperative to protect the residents and visitors of New Jersey.”

“Over the course of the year, the NJCCIC has published its “Be Sure to Secure” series of best practices that New Jersey citizens can use to help protect their privacy and the security of their sensitive information,” said Michael Geraghty, Director of the New Jersey Cybersecurity and Communications Integration Cell. “We encourage everyone to review and implement these best practices. They can be found at www.cyber.nj.gov/be-sure-to-secure.”

The Attorney General’s Office and the State Police today released the following information on data breaches in New Jersey in 2017 Data breaches may involve identity theft or unauthorized access or use of personal health information, trade secrets or intellectual property. These totals include only incidents that were required by law to be reported to the State Police because they met the definition of “data breach” under New Jersey law. Other incidents that might be considered “data breaches” but that did not meet the statutory definition would not have been reported to State Police or included in these statistics.

Total Number of Data Breaches Reported in 2017(reported to New Jersey State Police as required by N.J.S.A. 56:8-163):

4,382,853

Business sectors affected (estimates):

The business sectors most often involved with breaches include finance/banking, health services followed by business services and retail trade. Other areas include education, restaurant, industrial/manufacturing, hotels, non-profits, non-medical insurance, and telecommunications, among others.

The New Jersey Attorney General’s Office, through the Division of Law and the Division of Consumer Affairs, has taken action this year in the following cases to protect consumers:

The NJCCIC statewide campaign:

 “2FA for New Jersey” or “#2FA4NJ” – to promote awareness of two-factor authentication (2FA). From securing email accounts to remote access tools and online banking, 2FA is a simple but highly effective best practice for protecting against identity theft and bolstering privacy. For more information, visit the NJCCIC website: www.cyber.nj.gov. The website allows individuals to directly report data breaches or cyber incidents, and allows residents to register to receive alerts, advisories, bulletins and training information.

The Division of Consumer Affairs outreach:

The Division of Consumer Affairs offers the following Tips to Consumers:

Cybersecurity Resources:

Follow the New Jersey Attorney General’s Office online at Twitter, Facebook, Instagram, Flicker & YouTube. The social media links provided are for reference only. The New Jersey Attorney General’s Office does not endorse any non-governmental websites, companies or applications.

####