Data breaches in WA at all-time high

OLYMPIA – Attorney General Bob Ferguson released his annual data breach report Nov. 26 which was at an all-time high at 11.6 million data breach notices being to Washingtonians this year compared to 4.8 million last year. This year is the first time that individual notices sent exceeded the state’s population.  

“The more people know about data breaches, the more they can protect themselves,” Ferguson said in the announcement. “This report offers recommendations for responding to a growing problem and continues to be a resource for Washingtonians looking for ways to protect their personal information.” 

The report says 279 breaches impacted at least 500 Washingtonians, marking the second-highest count recorded since 2016. This figure is notably up from 178 breaches reported in 2022, although still shy of the 286 breaches noted in 2021. Breaches affecting fewer than 500 individuals are not required to be reported to the Attorney General’s Office. 

The report identifies cyberattacks, particularly ransomware incidents, as the most prevalent type of breach, comprising 78% of all cases this year—up from 68% in 2022. Ransomware attacks alone accounted for 52% of these incidents and 41% of total breaches. These attacks typically involve malicious code that encrypts an organization’s data, with hackers demanding payment for its release. 

The sharp increase in reported breaches is partially attributed to significant breaches at Comcast and Fred Hutchinson Cancer Center. The report indicates that 69.5% of breaches led to the compromise of Social Security numbers, a recurring issue highlighted in previous reports.