The Indiana Attorney General’s Office says it’s received at least 900 reports of data breaches annually for the past three years. That number is only a fraction of the breaches happening around the state.
Traditional data breaches stole information including social security and driver's license numbers or credit card information. However, with more card fraud protections and more supply than demand for personal information, hackers are targeting other data.
Stephen Reynolds is a partner at law firm Ice Miller. He works with businesses in Indiana and around the world on data security and privacy issues. He says there’s been a shift in the information hackers are trying to collect.
“What I’m seeing is a lot of attacks focused on fund transfer fraud, business email compromise,” says Reynolds. “So essentially hackers trying to trick companies to wiring money out of the door.”
Reynolds says even if a business doesn’t deal directly with consumers, their employer information and finances are still potential targets.
Under Indiana law a data breach is considered “an unauthorized disclosure of identified or identifiable information.”
Indiana Attorney General Data Privacy and Identity Theft Unit Section Chief Doug Swetnam says the state’s specific language means not all breaches are reported.
“So a breach that contains, log-in and passwords, wouldn’t necessarily trigger a reporting requirement for a company, but it’s a breach and it’s the kind that could actually jeopardize your information on important sites,” says Swetnam.
He says some of those include tax, healthcare and financial sites.
Ransomware and fund transfer fraud are expected to be some of the top cybersecurity threats for businesses in 2020.