Home Credit report More than 1.3 million people living in Indiana had private information exposed in 2021 | WDRB investigation

More than 1.3 million people living in Indiana had private information exposed in 2021 | WDRB investigation


INDIANAPOLIS, Ind. (WDRB) – More than 1.3 million people living in Indiana had personal information such as Social Security numbers and credit card information exposed to hackers last year.

This number of data breaches, as they are often called, represents a stunning 421% increase from 2014 to 2021, according to a WDRB News analysis of publicly available data tracked by Attorney General Todd Rokita’s office.

In 2014, 253,074 Hoosiers had their personal information exposed to hackers.

In 2021, that number grew to 1,319,428. A total of 1,535 businesses or organizations experienced a data breach in 2021 in Indiana. And experts think those numbers are only set to rise.

Data breaches typically involve hacking into a corporate or government computer system that stores large amounts of consumer data. This may include social security numbers, credit card numbers, bank account information, and passwords.

And Indiana isn’t alone in seeing an exponential rise in cybercrime and data breaches. According to the Identity Theft Resource Center, data breaches in the United States increased by 68% between 2020 and 2021.

“Half of all businesses fall victim to some kind of cyberattack every year,” said Jeff Chandler, cybersecurity expert at Z-Jak Technologies. “A lot of them don’t succeed, but that’s pretty common. It’s a never-ending battle, isn’t it? So we have to add a lot of layers. Hackers will find ways around the tools that we use today, and then we build defenses around those, and then they come up with new ways.”

Data breaches have real consequences not only for companies, but also for the people who do business with them.

Tina Whitt, who was diagnosed with multiple sclerosis in 2000, had her personal information stolen last year, possibly at the clinic where she got her COVID-19 vaccine.

“When I went to pick up my COVID vaccine, they got the wrong address,” Whitt said. “A few weeks later, I started getting messages in the mail saying, Best Buy, saying someone had tried to open an account at Best Buy. Lowe’s, Home Depot and I thought, ‘He’s something happens.'”

Whitt had his identity stolen and no less than three credit cards opened in his name. Her credit rating took a hit, leaving her with few loan options to renovate her bathroom to accommodate her disability.

Tina Whitt was diagnosed with MS in 2000 (Photo WDRB).

“I can’t get in and out of my bathtub. We moved into a house that was my grandmother’s house and trying to lift my legs is very dangerous,” Whitt said. “I can’t get a loan.”

Whitt’s fight affects a million Americans as cybercriminals grow bolder and more skilled.

“They’re running this like a business. And that’s what you have to keep in mind; these criminals, this is a business for them,” Chandler said. “So what they want to do is they’re going to try to lock down your systems. They’re going to encrypt your data and then they’re going to demand money to get that data.”

As incidents continue to rise, Chandler says a simple email remains the most effective way for hackers to gain access to a company or government database.

“Unfortunately, most hacks that occur are due to human error. Ninety percent of them are due to someone clicking on a link during a phishing attempt,” did he declare. “You can have a lot of training, filters, but it takes a message to get through, a person to click a link for the bad guys to take over your network.”

Both Indiana and Kentucky have laws that require notifying citizens of potential exposure of their personal data.

“It would be foolish not to admit to anyone that we’re not overwhelmed because we are,” Indiana Attorney General (R) Todd Rokita said. “You can compare it to loose change. Think loose change under a couch cushion. Is that how the companies you deal with treat your data?”

In Kentucky, Attorney General Daniel Cameron’s office provided data only to government organizations, not private companies.

The Indiana law, enacted in 2005, also requires companies to notify the attorney general’s office of the violation. But not all do, which can lead to fines.

Rokita said they issue fines about 2% of the time.

“Like many aspects of life, it’s usually those companies that don’t want to cooperate or want to hide something,” he said.

But often, finding the culprits of data breaches is an almost impossible task.

“Unfortunately, they’re often in places like Russia, the Middle East, North Korea, China. Places where we can’t do anything about it,” Chandler explained.

Jeff Chandler

Jeff Chandler is a cybersecurity expert with Z-JAK technologies (Photo WDRB).

The FBI urges all businesses to report cyberattacks or hacks to their local office, but tracking down hackers in foreign countries remains a challenge.

“Nowadays, we’re not just fighting crime on the streets,” FBI Director Christopher Wray said in a video released last month. “We also fight it every day in the virtual world through computer codes, servers and software. Cybercriminals might feel emboldened by the anonymity they enjoy behind the keyboard. They might assume they can’t not be identified and held accountable. And the nation states that support them might assume so too. They are wrong.

In September, the FBI charged Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari with cyber crimes related to hacking, cyber theft and extortion. All three are Iranian nationals who targeted hospitals, according to the FBI.

Increasingly, healthcare organizations face cybersecurity threats due to the amount and type of data they hold.

“With healthcare providers, because they’re more critical, they’re also more likely to pay a ransom,” Chandler said. “Because they want to get their data back quickly. If it’s the regular professional office, maybe they could do something else, but if it’s a healthcare provider, what are they going to do They have to take care of their patients.”

In many cases, there is little a citizen can do if an organization they provided their information to suffers a data breach.

“The best way to guard against this is to monitor your credit report,” Rokita advised. “Only do business with companies that treat your data with respect. Freeze your credit report to keep others away.”

For Whitt, it was too late by the time she caught him, but she urges others to remain vigilant in the ever-changing criminal landscape.

“Keep track of your stuff. Be careful,” she said.

Data breach dilemma

Copyright 2022 WDRB Media. All rights reserved.