SEATTLE — Washington state has experienced an unprecedented surge in data breaches, with over 11.5 million breach notices issued in a single year, according to a new report released by the Attorney General's Office.
The report, covering the period from July 2023 to July 2024, reveals the highest number of data breaches ever recorded in the state's nearly decade-long tracking history.
Attorney General Bob Ferguson highlighted two major breaches as significant contributors to this record-breaking figure.
"These were against Comcast and Fred Hutch in which literally between the two of them about 4 million or more Washingtonians were impacted by massive data breaches there," Ferguson stated.
The Fred Hutch breach, which occurred in late 2023, raised concerns among patients about the potential exposure of sensitive information. At the time, patients were warned, "If that message demands a ransom do not pay it," according to a Fred Hutch spokesperson.
Other notable incidents included a cyberattack that caused delays at SEA airport and a ransomware attack on Seattle's Public Library, which disrupted online services for months. A library representative described the impact, saying, "Our staff were hand writing those checkouts and eventually we got sophisticated enough to have spreadsheets."
In response to these escalating threats, the attorney general's report proposes several policy changes aimed at enhancing consumer data protection. One suggestion draws inspiration from Colorado's legislation, which allows individuals to implement a global opt-out for data sharing.
Ferguson explained, "They passed a law that basically says you as an individual, can go and do what's called a global opt out. You're just saying, basically anytime I go to a website, I'm communicating right now I don't want my information shared with anybody."
Under Washington state law, a company has 30 days to notify people impacted by data breaches where personal information has been compromised. The report calls for that timelines to be tightened to three days so people can act quickly to protect their privacy and security.
As personal information continues to be at risk, the proposed policy changes aim to give consumers more control over their data and mitigate the rising number of breaches.