For Immediate Release:
Friday, January 27, 2023

Contact:
Nazneen Ahmed (919) 716-0060

(RALEIGH) Ahead of Data Privacy Day on Saturday, Jan. 28, Attorney General Josh Stein today released the Department of Justice’s 2022 data breach report. The report shares information about the 1,900 data breaches reported to DOJ last year, which affected more than 3 million North Carolinians.

“We live, work, study, and conduct business online every day,” said Attorney General Josh Stein. “The organizations we give our information to have a responsibility to store that data carefully and prevent it from being compromised. When they fail to do that, I will not hesitate to hold them accountable. In addition to enforcing the law, we help people protect their personal information and hope that the tips and information in this report are useful.”

Businesses and government agencies are required by law to report data breaches to the Department of Justice. The 3,095,656 North Carolinians affected last year is the second highest number of people ever affected in a single year in the state. Hacking and phishing scams caused nearly 90 percent of breaches in 2022. Criminals often use phishing and hacking scams to infect systems and networks with ransomware. Ransomware, in turn, made up 45 percent of reported breaches. To avoid hacking and phishing scams:

• Don’t open emails, click links, or download attachments from unverified senders.
• Update software on your phone and computer regularly. Don’t forget updates on your smart watches, tablets, or any other electronic devices.
• Use strong passwords and change your passwords and security questions regularly.
• Use different passwords for your various accounts and websites so if one is compromised, it won’t give someone access to other accounts.
• Don’t use public Wi-Fi to make purchases, access your bank accounts, or log into any websites that have personal information. Public Wi-Fi networks are much more susceptible to hackers.
• Forward phishing emails to the Federal Trade Commission at spam@uce.gov.
• If you believe you may have been the victim of a hack, request a free security freeze, contact our office, and monitor your credit report and bank accounts for errors and irregularities. To learn more, visit www.ncdoj.gov/securityfreeze.

Ransomware attacks continue to increase in North Carolina. Last year, our office received reports of a record 857 data breaches caused by ransomware. Organizations can help prevent ransomware attacks on their networks by following these guidelines:

• Make and regularly update for how you and your organization to respond to ransomware and train your employees to be ready to implement it.
• Back up your data regularly so you aren’t at the mercy of hackers to access it.
• Regularly participate in and conduct trainings to help identify the signs of a ransomware attack.
• Keep all security and ransomware prevention software up to date on all of your devices.
• Have a plan in place to notify customers or people whose data you store if you become the victim of a ransomware attack.

Attorney General Stein and the Department of Justice investigate and hold companies accountable when they fail to reasonably protect and store people’s data. In 2022, Attorney General Stein was on the executive committee of a $391.5 million multistate settlement with Google over its location tracking practices – the largest state attorney general privacy settlement in U.S. history.

###