With more than half of all North Carolinians affected by personal data breaches last year, state leaders unveiled a new bipartisan effort Monday to bolster consumer protections.
The state Justice Department announced that the personal information of more than 5 million North Carolinians was compromised in 2017. That was seven times the number of people affected the year before.
Attorney General Josh Stein, a Democrat, said while the state already has strong consumer protection laws, they could be even stronger.
At a news conference, he announced support for a new bill that will be introduced by Republican Rep. Jason Saine, who chairs panels on information technology. Saine said he expects to introduce legislation this summer.
The Lincolnton lawmaker said the bill would, among other things, give consumers quicker notification of personal breaches, offer them greater control of their credit reports and give them the right to free credit monitoring in the event of a breach.
Hacking accounted for half of all the N.C. breaches, the Justice Department reported.
Some hacks drew wide attention.
In September, North Carolinians were affected by the hacking of credit monitoring company Equifax, in which hackers obtained the information of as many as 143 million Americans.
Equifax took 40 days to notify consumers, Stein said. Uber, which has reported global security breaches of consumer data, took more than a year, he said.
“These delays are unacceptable,” Stein said.
In December, hackers essentially shut down Mecklenburg County computers and demanded a ransom of $23,000 to free them. County officials refused to pay the hacker, believed to be in Ukraine or Iran.
“While greater access to technology has clear benefits, it also means more people are at risk of becoming a victim of cybercrime,” Stein said in the report.
Hacking was by far the largest cause of data breaches. The Justice Department received 516 reports of hacking last year, a 3,586 percent increase from 2006.
“Phishing,” where people are sent phony emails or text messages in an attempt to get their personal information, accounted for a quarter of all breaches. Phishing reports, negligible as recently as 2015, skyrocketed last year.
The elderly are particularly vulnerable to unscrupulous hackers, said Doug Dickerson, state director for AARP.
“This bill,” he said, “is long overdue.”
What to do?
The attorney general’s office says if you see a “phishing” attempt, report it to the real business or organization that is mentioned. For example, if the suspect email purports to be from a particular bank, contact the bank.
Meanwhile, forward the entire email to the Federal Trade Commission at firstname.lastname@example.org.
If you do accidentally respond to a phishing email, contact your bank and your credit card company immediately. If you think you may be a victim of identity theft, contact the Justice Department at ncdoj.gov or 1-877-5-NO-SCAM.
Justice officials say if you have been affected by a data breach, freeze your credit with all reporting services. Those services are free for North Carolinians. Visit www.ncdoj.gov/creditfreeze.