fb-pixel Skip to main content

Data thefts hit 1.2 million Mass. residents in 2013

The Target breach accounted for nearly 950,000, or 80 percent, of those affected by data thefts last year.AP/File

Nearly one in five Massachusetts residents had their personal or financial information stolen in data breaches last year, a figure driven by a massive data theft at Target Corp. stores, according to a state report set for release Thursday, as cybercrime becomes more frequent, sophisticated, and malicious.

On Tuesday, Home Depot Inc. acknowledged it was reviewing a possible security breach of credit and debit card information that one analyst said could be larger than Target’s, which affected some 40 million customers across the country.

In addition, the New York financial giant JPMorgan Chase & Co. and the parent of grocery stores Shaw’s and Star Market have said in the past month that they are investigating potential cyberthefts.


“All of these companies have to be very nervous,” said Barbara Anthony, undersecretary of consumer affairs and business regulation. “If they’re not leery, they are not being diligent enough.”

All told, about 1.2 million people in Massachusetts had personal and financial data compromised in 2013, according to the report by the Office of Consumer Affairs and Business Regulation. The Target breach accounted for nearly 950,000, or 80 percent, of those affected by data thefts last year.

Consumer advocates and security specialists say thieves are seeking new portals to access everything from Social Security numbers to credit card data, targeting unsuspecting organizations, such as colleges and universities.

And they are succeeding.

Reported incidents of data breaches in Massachusetts increased by 59 percent, according to the state.

Criminals are finding it easier and cheaper to get their hands on the technology to break into a company’s network and exploit flaws, said Rik Ferguson, vice president of security research at Trend Micro, an international security software company.

Fortune 500 companies aren’t the only ones susceptible to data breaches.

Banks, health care companies, restaurants, and colleges all reported compromises of customer data last year, according to the state report.


In some cases, the information was lost because employees sent private information to the wrong address, exposed tax identification numbers through an envelope window, or lost a laptop with personal consumer information.

But in most cases, companies were victims of a malicious attack, according to the report.

Last fall, Briar Group, a restaurant chain with locations in some of Boston’s most bustling neighborhoods, said that cyberthieves had captured customer names, credit card numbers, expiration dates, and security information from the magnetic strips of credit and debit cards.

Boston Police Department investigators estimated the breach hit hundreds of the chain’s customers, including people attending conventions in Boston.

“No company is too small for this to happen to them,” said Andy Obuchowski, the head of security and privacy in the northeast region for the Chicago-based accounting firm McGladrey LLP.

Colleges, universities, and school districts, which collect a trove of personal information about students, from Social Security numbers to parents’ bank accounts, have become more frequent targets. The number of Massachusetts residents who had personal data compromised through educational institutions increased by more than six times, to about 32,000, from 5,200 in 2012.

The state requires that companies that experience breaches report them under a 2007 law.

It also mandates that businesses holding personal information about Massachusetts residents train their employees and develop security protocols for keeping the data safe.

While that helps, recent data thefts demonstrate that consumers need more transparency and information on how, why, and where data breaches occur, said Edgar Dworsky, who is the founder of the website ConsumerWorld.org, based in Somerville.


For example, financial institutions don’t have to inform customers about where a data breach may have occurred when they replace a debit or credit card, Dworsky said.

Dworsky said he worries that data breaches are becoming so common that it may lead consumers to shrug off the risks.

As a result, they may stop checking bank accounts and credit card statements frequently or applying for the monitoring services, he said.

“Because these breaches are happening more and more . . . consumers are becoming numb,” Dworsky said.

“The only thing the consumer can do is be vigilant,” he added.

Deirdre Fernandes
can be reached at deirdre.fernandes@globe.com. Follow her on Twitter @fernandesglobe.