1.2 Million Mass. Residents Compromised by Data Thefts in 2013

Photo via Shutterstock

By Michael Bednarsky (Patch Staff)

About 1.2 million people in Massachusetts had personal and financial data compromised in 2013, according to the state report released by the Office of Consumer Affairs and Business Regulation.

The figure was driven by a massive data theft at Target Corp. stores, which accounted for nearly 950,000, or 80 percent, of those that were affected.

Consumer advocates and security specialists say thieves are seeking new portals to access everything from Social Security numbers to credit card data. Unsuspecting organizations, such as colleges and universities, are also being earmarked because of the heavy amount of personal information that is obtained from students.

The number of Massachusetts residents who had personal data compromised through educational institutions increased by more than six times, to about 32,000, from 5,200 in 2012.

Briar Group, a restaurant chain with multiple Boston locations, said that cyberthieves had captured customer names and security information from the magnetic strips of credit and debit cards.

Boston Police Department investigators estimated the breach, which happened last fall, hit hundreds of the chain’s customers, including people attending conventions in Boston.

The state requires companies that experience breaches to report them under a 2007 law. The law also mandates that businesses holding personal information about Massachusetts residents train their employees and develop security protocols for keeping the data safe.

The report indicates that persons or businesses owning or licensing personal information of residents of the Commonwealth must carry out a comprehensive Written Information Security Program or “WISP” that contains safeguards appropriate to the size and type of business they have.

Edgar Dworsky, founder of the Somerville-based website ConsumerWorld.org, said that recent data thefts demonstrate that consumers need more transparency and information on how, why, and where data breaches occur. Financial institutions don’t have to inform customers about where a data breach may have occurred when they replace a debit or credit card.

Consumers are encouraged to monitor their credit frequently and avoid sharing personal information through text, email, or over the phone. About.comrecommends paying bills online and shredding pre-approved credit card offers.

Read the report here.

Read the Boston Globe story here.