On November 26, 2024, the Washington Office of the Attorney General (AG) released its ninth annual data breach report showing that data breaches reached an all-time high in the last decade.

Data breach statistics

The AG outlined that over 11.6 million data breach notices went out to individuals in Washington in 2024, compared to 4.8 million in 2023, and that data breaches impacting at least 500 Washingtonians went up by 279 in 2024. The AG explained that this was in part due to two mega breaches (breaches affecting more than a million individuals) at Comcast and Fred Hutchinson Cancer Center.

Moreover, the AG clarified that:

• cyberattacks, particularly ransomware attacks, remained the most common type of breaches, representing 78% of all reported breaches, compared to 68% in 2023; and
• 194 breaches (69.5% of all breaches) caused a Social Security Number to be compromised.

Recommendations

The AG highlighted that the report includes resources and best practices for businesses that experience cyberattacks and individuals affected by data breaches, as well as recommendations to policymakers, such as:

• reducing the deadline to provide notice of a data breach to three days;
• creating requirements for sending data breach notifications in other languages;
• expanding the definition of 'personal information' to include an individual's full name in combination with a redacted Social Security Number and individual tax identification numbers;
• requiring businesses to recognize and honor opt-out preference signals;
• requiring transparency from data brokers and collectors through annual reporting, state licensing, and regulatory fees; and
• consulting with tribes on how best to support their efforts in combatting cyberattacks.

You can read the press release here and the report here.