Forbes used FBI data from the federal agency's Internet Crime Complaint Center to determine how many Americans were impacted during the five-year period, which type of breach was the most common and which resulted in the highest financial loss.
The most expensive breach for Golden State residents came from compromised email accounts, which cost 14,925 victims more than $1.18 billion. That was followed by 12,205 victims duped by online romance schemes at a cost of $516.2 million.
Other ripoffs came in the form of investment scams (5,270 victims lost nearly $440 million), real estate fraud (11,365 victims lost $176.4 million) and personal data theft (31,742 victims lost $163.4 million).
Texas weathered the second-biggest financial loss in the Forbes report with 179,217 people impacted by data breaches at a total cost of more than $1.8 billion. New York was next (141,170 victims lost $1.77 billion), followed by Florida (198,830 victims lost $1.72 billion) and Ohio (64,926 victims lost $776.8 million) to round out the top five.
A Long List
The list of California companies that have had data stolen this year and in 2021 is long and includes Blue Shield of Southern California; Kaiser Foundation Health Plan, Southern California; Lending Tree; Ernest Packaging Solutions; and Professional Finance Co., among scores of others.
Kaiser is among the companies that notified the Attorney General's Office of a breach.
In a letter sent to Kaiser members on July 15, 2022, the healthcare provider said on May 20 it discovered someone had broken into a storage locker at its Los Angeles Medical Center and stolen an iPad along with the password to the tablet. The iPad had been used at a Kaiser COVID-19 testing site by employees and contained photos of COVID-19 lab specimen labels but no photos of patients.
Alina Harris, Kaiser's privacy and security officer, said the company had no specific evidence that patient information was accessed and/or viewed by the thief.
"As a result, we are notifying you of this matter out of an abundance of caution," Harris said in the letter.
Kaiser said it initiated an investigation into the theft, notified law enforcement and remotely erased all data from the iPad, including the photos.
In a statement issued Monday, the healthcare company said no Social Security numbers or financial information were included in the data on the iPad.
LendingTree told customers it discovered a code vulnerability on June 3, 2022, that likely resulted in the "unauthorized disclosure of some sensitive personal information." The company suspects the breach — which included access to names, Social Security numbers, birth dates and street addresses — began in mid-February.
"The vulnerability in the code no longer exists, and we are working to implement additional security measures to protect consumers who visit our online interfaces," Lending Tree CEO Arun Sankaran said in his letter to customers.
$20.1 Billion Lost
On a broader scale, Forbes said that from 2017-2021 more than 2.3 million data breaches occurred throughout the U.S., Guam, U.S. Virgin Islands and Northern Mariana Islands, generating a total financial loss of $20.1 billion.
In a statement issued last year, California Attorney General Rob Bonta urged hospitals and other healthcare facilities to ensure safeguards are in place to deter data breaches.
"I implore all entities that house confidential health-related information to be vigilant and take steps now to protect patient data before a potential cyberattack," he said.
(c)2022 The Whittier Daily News, Calif. Distributed by Tribune Content Agency, LLC.