Data Breaches in Washington Remain at Historic Highs


Data breaches in the state of Washington are at a historic high, with 4.5 million breach notices being sent to Washington residents in 2022. The Washington state attorney general issued a data breach report last week, pointing out the importance of date security. 

This year was the second highest on record, as in 2021 there were 6.3 million data breach notices sent to Washington residents. 

State law requires organizations that experience a data breach to notify consumers and report to the Attorney General’s Office if the breach impacts more than 500 people. The Attorney General’s Office received 150 data breach notifications this year, which is double the amount they received in the first five years that notification was required. 

The number of breaches affecting more than 50,000 people were in double digits for the second year in a row. There was also a mega breach where T-Mobile had a cybersecurity attack and the data of more than two million Washingtonians was exposed. 

This was the second biggest in state history as in 2018 an Equifax breach caused data of 3.2 million Washington residents to be exposed. 

Ransomware — a type of cyberattack in which cybercriminals use malicious code to hold data hostage in hopes of receiving a ransom payment from the data holders — was involved in 43 data breaches this year.

Attorney General Bob Ferguson made recommendations on how Washington lawmakers could strengthen privacy and data security. 

One of the suggestions was legislation that protects consumers’ private health data as under the current law Washington’s health data is left vulnerable to be used by advertisers and can be shared with political groups. 

Ferguson also said the state should require more transparency from data brokers and collectors and require organizations to honor opt-out preferences. Companies that sell and buy consumer data should have to obtain a license from the state, Ferguson contends, saying that these companies would then have to provide regulators info on what the data is being used for. Also, by giving an opt-out option on websites, it gives consumers the power to control their data. 

The attorney general also suggested expanding language access to data breach notifications and defining personal info in Washington. Since many Washington residents aren’t English speaking, branching out into other languages could help notify them of a breach. Adding individual tax identification numbers used by the IRS, along with full names and last four digits of Social Security numbers to protected data, could help with breaches as well. 

More information on data breach notifications can be found at