INDIANAPOLIS, Ind. (WDRB) – More than 1.3 million people living in Indiana had personal information like Social Security numbers and credit card information exposed to hackers last year.
This number of data breaches, as they are often called, represents an astounding 421% increase from 2014 to 2021, according to a WDRB News analysis of publicly available data tracked by Attorney General Todd Rokita's office.
In 2014, 253,074 Hoosiers had their personal information exposed to hackers.
By 2021, that number ballooned to 1,319,428. A total of 1,535 companies or organizations experienced a data breach in 2021 in Indiana. And experts believe those numbers are only expected to climb.
Data breaches typically involve hacking a business or government computer system that keeps large amounts of consumer data. That can include Social Security numbers, credit card numbers, bank account information and passwords.
And Indiana is not alone in the exponential rise of cyber crime and data breaches. According to the Identity Theft Resource Center, data breaches across the United States increased by 68% from 2020 to 2021.
"Half of all businesses have some sort of cyberattack against them every year," said Jeff Chandler, a cyber security expert with Z-Jak Technologies. "A lot of those are not successful but it's pretty frequent. It's a never-ending battle, right? So, we have to add lots of layers. The hackers will find ways around the tools we use today, then we build defenses around those and then they come up with new ways."
Data breaches have real world consequences not just for the companies, but also for the people who do business with them.
Tina Whitt, who was diagnosed with multiple sclerosis in 2000, had her personal information stolen last year, possibly from the clinic where she got her COVID-19 vaccine.
"When I went to go get my COVID vaccine, they had my address wrong," Whitt said. "A couple of weeks later I started getting stuff in the mail saying, Best Buy, saying someone tried to open an account with Best Buy. Lowe's, Home Depot and I thought, 'Something is up.'"
Whitt had her identity stolen and no less than three credit cards were opened up in her name. Her credit score has taken a hit as a result, leaving her with few options for loans to renovate her bathroom to accommodate her disability.
Tina Whitt was diagnosed with MS is 2000 (WDRB photo).
"I can't get in and out of my tub. We moved into a house that was my grandmother's house and trying to lift my legs over is very dangerous," Whitt said. "I can't get a loan."
Whitt's struggle is one millions of Americans now face as cyber criminals become bolder and more skilled.
"They run this as a business. And that's what you have to keep in mind; these criminals, it's a business for them," Chandler said. "So what they want to do, they're going to try to lock your systems down. They're going to encrypt your data and then they're going to ask for money to get that data."
As incidents continue to rise, Chandler says that a simple email remains the most efficient for hackers to access a company's or government's database.
"Unfortunately, most hacks that happen are because of a human mistake. Ninety percent of them that happen are because someone clicked a link in a phishing attempt," he said. "You can have lots of training, filters, but it takes one message to get through, one person to click one link for the bad guys to get a hold into your network."
Indiana and Kentucky both have laws that require notifying citizens of a potential exposure of their personal data.
"It would be foolish not to admit to anyone that we're not swamped because we are," Indiana Attorney General (R) Todd Rokita said. "You can compare it to loose change. Think about loose change underneath a couch cushion. Is that how businesses you deal with treat your data?"
In Kentucky, Attorney General Daniel Cameron's office only provided data for government organizations and not private companies.
Indiana's law, enacted in 2005, also requires businesses notify the Attorney General's office of the breach. But not all do, which can lead to fines.
Rokita said they issue fines about 2 percent of the time.
"Like a lot of parts of life, it's usually those businesses who don't want to cooperate or want to hide something," he said.
But often, finding the culprits of the data breaches is a near impossible task.
"Unfortunately, they're often in places like Russia, the Middle East, North Korea, China. Places where we can't do anything about it," Chandler explained.
Jeff Chandler is a cybersecurity expert with Z-JAK technologies (WDRB photo).
The FBI urges all businesses to report cyber-attacks or hacks to their local field office, but tracking down hackers in foreign countries remains a challenge.
"These days, we're not just fighting crime on the streets," said FBI Director Christopher Wray in a video posted last month. "We're also battling it every day in the virtual world through computer code, servers, and software. Cybercriminals might feel emboldened by the anonymity they enjoy behind the keyboard. They might assume they can't be identified and held accountable. And the nation-states that support them might assume that, too. They're wrong."
In September, The FBI charged Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari with cyber crimes related to hacking, cyber-theft and extortion. All three are Iranian nationals that targeted hospitals, according to the FBI.
Increasingly, healthcare organizations are facing cybersecurity threats because of the amount and type of data they hold.
"With healthcare providers, because they are more critical, they're more likely to pay a ransom too," Chandler said. "Because they want to get their data back quickly. If it's the regular professional office they could potential do other things but if it's a healthcare provider, what are they going to do? They have to take care of their patients."
In many cases, there is little a citizen can do if an organization they have given their information to has a data breach.
"The best way to guard against it is monitor your credit report," Rokita advised. "Only do business with those businesses that treat your data with respect. Freeze your credit report to keep others out of it."
For Whitt, it was too late by the time she caught it but she urges others to remain vigilant in the ever changing criminal landscape.
"Keep track of your stuff. Pay attention," she said.
Copyright 2022 WDRB Media. All Rights Reserved.