116,000 New Jerseyans 'Hacked' In 2016: Who Was Targeted?

More than 116,000 New Jerseyans were victims of data breaches in 2016, according to the Office of Attorney General. In total, 676 data breaches were reported to the State Police in 2016, Attorney General Christopher S. Porrino and the New Jersey State Police announced this week as part of the state's efforts to address cybersecurity.

The Office of Attorney General offered advice and resources to residents to protect their sensitive personal information, and highlighted legal actions taken this year by the Division of Law and Division of Consumer Affairs to address data breaches.

“Doing business online and on our devices has become so routine that it’s easy to let our guard down. But as these statistics on data breaches highlight, it’s critical that we protect our sensitive personal information from the many who seek to access it for harmful ends,” Attorney General Christopher Porrino said in a release.

Data breaches involve the unauthorized access to personal information, which may include a person’s first and last name linked with a social security number, driver’s license number, or account, debit, or credit card number, according to the release.

Under the law, any business that operates in New Jersey, or any public entity that compiles or maintains computerized records that include personal information, must disclose any breach of security to New Jersey residents who were impacted.

The business sectors involved with breaches include:

• Finance/banking
• Health services
• Business services
• Retail trade
• Education
• Restaurant
• Industrial/manufacturing
• Hotels
• Nonprofits
• Non-medical insurance
• Telecommunications

The methods used to breach security were led by phishing, a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, instant message or other communication channels, and hacking.

Website malware, employee incident, unauthorized email access and ransomware were also utilized, according to the release.

The New Jersey Attorney General’s Office, through the Division of Law and the Division of Consumer Affairs, also took action in the following cases to protect consumers

• Vizio: On Feb. 6, 2017, Porrino and the Division of Consumer Affairs announced that Smart TV manufacturer Vizio, Inc. agreed to pay the State and the Federal Trade Commission$2.5 million and change their business practices to settle allegations they violated the New Jersey Consumer Fraud Act and the Federal Trade Commission Act by surreptitiously tracking consumers’ television viewing habits and selling the information to marketing companies and data brokers.
• Horizon: On Feb. 17, 2017, the Division of Consumer Affairs announced a settlement with Horizon Healthcare Services, Inc., or Horizon Blue Cross Blue Shield of New Jersey, to resolve claims under the New Jersey Consumer Fraud Act and the federal Health Insurance Portability Accountability Act, as amended by the Health Information Technology For Economic and Clinical Health Act In a complaint filed in the United States District Court for the District of New Jersey, the State alleged that Horizon violated the CFA and HIPAA/HITECH by failing to properly protect the privacy of nearly 690,000 New Jersey policyholders whose unencrypted personal information was contained on two laptops stolen from the insurer’s Newark headquarters. Under the terms of the settlement, Horizon agreed to pay the state $1.1 million.
• Target: On May 23, 2017, Porrino announced that Target Corp. agreed to pay New Jersey, 46 other states and the District of Columbia a total of more than $18 million to resolve a multi-state investigation into a data breach that compromised the payment card information of more than 41 million shoppers nationwide. New Jersey, which was a member of the multi-state executive committee, received a total payout of $680,411 from Target.

“Our mission is to help make New Jersey more resilient to cyber attacks. We encourage all NJ residents and businesses to reach out to the NJCCIC for advice, to subscribe to our alerts, and to report incidents via our website – www.cyber.nj.gov,” said Michael Geraghty, Director of the NJCCIC.

The NJCCIC this month launched a statewide campaign “2FA for New Jersey” or “#2FA4NJ” – to promote awareness of two-factor authentication (2FA). From securing email accounts to remote access tools and online banking, 2FA is a simple but highly effective best practice for protecting against identity theft and bolstering privacy.

For more information, visit the NJCCIC website: www.cyber.nj.gov. The website allows individuals to directly report data breaches or cyber incidents, and allows residents to register to receive alerts, advisories, bulletins and training information.

Patch file photo