The following editorial originally appeared in The Seattle Times:
It’s a fact of digital life: Your personal data is constantly at risk of being stolen. But if you feel things have gotten worse, it’s not your imagination. As the pandemic moved more people online for work and play, cybercriminals took notice.
In the last year, there were 280 large data breaches reported to the Washington Attorney General’s Office. Breached businesses and agencies sent 6.3 million notices to Washingtonians, according to a recent report, the most since the AG began keeping track in 2015. It nearly doubled the previous high, set in 2018 after a data breach of credit-reporting agency Equifax affected more than 3 million people in the state.
“Washingtonians are best able to safeguard their data when they are aware of the threats — and the threats have never been greater,” Attorney General Bob Ferguson said in a release.
The state was not spared in the worldwide increase in ransomware attacks — which even impacted U.S. beef and fuel supplies this year — where hackers demanded money to restore access to a victim’s information. From July 2020 to July 2021, Washington recorded 150 large ransomware incidents, more than the previous five years combined.
Washington has one of the most comprehensive data breach notification laws in the country, but as threats persist it must continue to be strengthened.
Government agencies are already required to report when a breach includes the last four digits of a Social Security number; this requirement should also apply to businesses. Tribal identification numbers and Individual Tax Identification Numbers, often used by immigrants who don’t have a Social Security number, should also fall under the definition of “personal information” that requires notification if stolen.
These are easy fixes for lawmakers to undertake next year, but there also are measures we all can take to prevent or mitigate the impact of a breach. Even if your data has been compromised in the past without apparent consequence, each new incident provides an opportunity for bad actors to abuse your information.
While there is no foolproof way to safeguard your data, a few simple steps can help keep you protected. Use two-factor authentication on your accounts, which uses more than a password to confirm your identity, and always keep your operating system and apps up to date.
Experts also recommend never using a password twice, so consider a password manager that generates and remembers random passwords for you. There are also services that generate credit card numbers or email addresses meant for one-time use. Even if hackers gain access to that information, your real data is kept safe.
The benefits of a digital world are many, but with cybercriminals on the prowl the price for that convenience is eternal vigilance.