Since 2008 there have been 9,696 data breaches in the United States involving more than 10.7 billion records, and the cost of each lost or stolen record was on average $148. Although that might seem like a small amount, when tallied together that adds up to $1.6 trillion in losses since 2008. The compromised data in the records could include basic information such as names, email addresses, phone numbers and addresses; but in other cases could also include interests, social security numbers and financial information.

According to new research from Comparitech, an independent website that covers trends in technology – including antivirus and cybersecurity – one state stands out from the rest: California.

What Makes the golden state so Vulnerable to Hackers?

For its study Comparitech analyzed data from the past 10 years to determine which states suffered the most. California suffered the most data breaches in the past decade and had the most records exposed – 1,493 breaches since 2008, which affected nearly 5.6 billion records in total. Not only was it the top state for data breached, but had twice as many as the “runner up” states including New York, Texas, Florida and Georgia.

So what makes California the most hacked state in the country? One factor is that the state is home to more tech and internet companies than others.

“More data means more data breaches, and Internet companies are not about to stop collecting data any time soon,” said Paul Bischoff, author of the report for Comparitech.

By comparison, states with the fewest breaches over the 10-year period were:

  • South Dakota
  • North Dakota
  • Wyoming
  • West Virginia
  • Hawaii

Each of these five states were reported as having fewer than 30 breaches in total. As noted by the report’s findings, South Dakota suffered just 15 breaches and had 42,859 records compromised.

What are the national hacking trends?

The number of breaches also seems to be increasing, with 2017 setting the record for the most U.S. data breaches – 1,683 in total for that year. The year 2016 took the top spot for the number of records exposed at 4.6 billion.

One point also worth noting is that the number of breaches and records compromised can vary. For example, Pennsylvania had a reported 333 breaches, which impacted just over 17 million records. On the other hand, Virginia had 286 breaches but nearly 208 million records impacted.

Georgia was home to one of the most infamous breaches, which involved the credit monitoring service Equifax. In May 2017, the Atlanta-based credit bureau announced a breach that involved 145.5 million Americans’ names, social security numbers, birth dates, and addresses.

The report did not directly address the 2014-2015 data breach that targeted the United States Office of Personnel Management (OPM), which might have affected as many as 21.5 million records. In that case, the compromised information included the theft of security clearance information, personal details, and as many as 5.6 million sets of fingerprints.

Phishing Tactics are Still the Prime Culprit

While movies and TV shows may suggest that hackers utilize advanced software to break into networks, in fact simply “social engineering” tactics have remained the most common method of entry for hackers and cyber criminals today.

“These days, most breaches are the result of phishing as opposed to hacking,” Bischoff told ClearanceJobs. “Hacking targets computer systems, but phishing targets humans, and humans tend to be more prone to error than computers. Even the most well-hardened security system fails when a company employee is tricked into handing over a password. That being said, many data breaches are often the result of poor cybersecurity implementation, and in some cases a total disregard for user privacy.”

The final important takeaway from the Comparitech report is that it only highlights the reported breaches – and as Bischoff noted that is an important distinction.

“Another factor is that U.S. companies are required to disclose data breaches if they reach a certain threshold,” he told ClearanceJobs. “As of 2018, every state in the U.S. now has breach notification laws requiring businesses to report data breaches of varying sizes and severity to the state’s Attorney General, affected users, and in some cases the media. Prior to these laws, companies could keep breaches a secret.”

Related News

Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at