In 2017, the number of data breaches exploded in New York state, with a 23% increase in number of reported breaches and the number of exposed individuals quadrupling over 2016, according to New York Attorney General Eric T. Schneiderman, who today released Information Exposes: 2017 Data Breaches in New York State.

In 2017, there were 1,583 data breaches, which exposed the personal records of 9.2 million New Yorkers, Schneiderman said.

The report noted that the exposed information was largely Social Security numbers (40%), followed by financial account information, such as credit card numbers, which accounted for about 33% of exposed records.

Hacking was the leading cause of the breaches, 44%, up from 40% in 2016, the report stated. Yet hacking accounted for 94% of total personal information exposed, largely due to the Equifax breach reported in September. Employee negligence, such as inadvertent exposure of records and insider wrongdoing, was the cause of about 25% of the breaches.

Schneiderman said he planned to introduce legislation that would require Facebook and other social media sites to notify his office and New York consumers when they learn that there has been a breach of personal records. He also urged the New York state legislature to pass legislation he proposed last fall that would close gaps in current data security laws and would cause companies to have legal responsibility to adopt “reasonable” administrative, technical and physical safeguards for sensitive data.

“My office will continue to hold companies accountable for protecting the personal information they manage — but it’s also time for Albany to bring our laws into the 21st century and ensure that New Yorkers are not needlessly victimized by weak data security and criminal hackers,” Schneiderman said.

Schneiderman highlighted some of the major breaches in 2017, including Equifax’s breach affecting 145 million Americans (including 8.5 million New Yorkers). Although first reported in September, the breach happened months earlier. Another large breach occurred at GameStop. It was discovered by the company in April and exposed 111,000 New Yorkers’ financial information.

One problem is so much personal data already is in the hands of bad guys, notes Lou Harvey, CEO of Dalbar, an independent financial services market research firm. “Personal information for more than half the adults in America are already in the hands of cyber-felons,” he said. “The sheer volume of these thefts means that felons now have access to almost everyone’s personal information.” He added that “authentication is now the primary defense, since the felons have already stolen the data.”

Schneiderman recommended that companies take greater precautions, noting they should review the effectiveness of their data security policy, minimize data collection and hold data for the shortest time possible, create a security plan that includes encryption, and take immediate action in the event of a breach.

— Check out Cybersecurity Is ‘Top Risk’ for Financial Services Industry on ThinkAdvisor.