Data breaches in Washington state have reached record levels, with more notifications sent than the state’s entire population, prompting urgent demands for reform.
A report from the Washington Attorney General’s Office (AGO) revealed that over 11.6 million data breach notifications were sent between July 2023 and July 2024—more than double the previous year’s 4.5 million. This number surpasses Washington’s population and shows the growing impact of cyberattacks, which accounted for 78% of breaches.
Ransomware was the leading attack method, responsible for 52% of the 217 reported incidents. Stolen personal data included Social Security numbers, driver’s license details, medical records, and financial account information.
Attorney General Bob Ferguson stressed the need for stronger protections, pointing out that current measures fall short of safeguarding Washington residents.
The breaches targeted a wide range of industries and organizations, leading to the exposure of sensitive personal information, such as:
The AGO recommended shortening the notification window for breaches to three days. Faster notifications give affected individuals a chance to secure accounts and take steps to protect their identities.
Broadening the scope of what counts as personal information could enhance protections. This includes recognizing emerging forms of data, such as biometric or behavioral data, as sensitive and deserving of safeguards.
Inspired by Colorado’s privacy law, the AGO advocates for greater transparency from data brokers and stronger consumer control over personal data. Businesses would need to honor opt-out signals and disclose data-sharing practices more clearly.
Incorporating tribal governments into cybersecurity strategies recognizes their unique challenges and ensures more inclusive policy-making.
If reforms are not enacted promptly, Washington residents could face:
Organizations must prioritize cybersecurity by adopting measures such as encryption, access controls, and routine audits.
Having a well-defined, tested plan for responding to breaches can minimize damage.
Regularly updating software, implementing multi-factor authentication, and training employees on phishing risks can help prevent ransomware attacks.
The rise in data breaches shows that laws need to catch up with today’s threats. Updating Washington’s policies to reflect approaches in states like Colorado could give residents better protection and raise the bar for data privacy.
A data breach occurs when sensitive information is accessed, stolen, or exposed without authorization.
Ransomware locks or encrypts a victim’s data and demands payment often in cryptocurrency in exchange for restoring access.
Colorado’s law strengthens consumer rights by requiring businesses to honor opt-out requests and increasing transparency around data use. Washington could adopt similar measures to reduce breaches.
The rising frequency of cyberattacks shows that existing measures are inadequate. Stronger policies can help mitigate risks and protect residents.