TRENTON – Expanding New Jersey’s efforts to keep its children safe from internet predators, Attorney General Gurbir S. Grewal and the Division of Consumer Affairs today announced a new initiative aimed at teaching kids and teens the importance of protecting themselves and their data while online.
The “Cyber Savvy Youth” outreach campaign to educate and test the cybersecurity knowledge of students from kindergarten through high school was announced as New Jersey closes out Cybersecurity Awareness Month.
The Division and the New Jersey State Police also announced the 2018 statistics regarding data breaches affecting New Jersey residents. The statistics showed that 906 data breaches were reported to State Police last year, a nearly 6 percent decrease from the 958 breaches reported to State Police in 2017.
So far in 2019, civil settlements reached by the Attorney General’s Office following data breach incidents have resulted in more than $6.4 million in recoveries for New Jersey.
“Today, more children have access to the internet and smart phones at a younger age than ever before,” said Attorney General Grewal. “Unfortunately, the same online access that makes it easier for kids to explore the world makes kids easier targets for identity thieves and other online predators. We need to protect our kids online, and protecting them starts with educating them to be more alert to online risks.”
As part of its ongoing cybersecurity efforts, the Division’s Cyber Savvy Youth campaign addresses an emerging threat from identity thieves targeting children through social media, online apps or video game platforms. More than 1 million children nationwide fell victim to identity theft in 2017, resulting in losses of $2.67 billion, according to a 2018 study by Javelin Strategy & Research. Two-thirds of the victims were under the age of eight and another 20 percent were eight to twelve years old.
To kick off the Cyber Savvy Youth campaign, Acting Director Rodríguez visited Nicolas Copernicus elementary school in Jersey City yesterday where he spoke to students about internet safety and handed out booklets with tips on how to spot potential dangers online.
“An important goal of the Division is to educate New Jersey consumers to be their own best protectors against fraud. And when it comes to online safety, it’s never too early to start, said Paul R. Rodriguez, Acting Director of the Division of Consumer Affairs. “Financial fraud against children can go undetected for years, giving thieves a chance to steal more money for a longer period of time. By teaching kids and teens about online scams and predators, the Division is helping the next generation of cyber citizens avoid falling victim to internet fraud.”
"The New Jersey State Police fully supports the 'Cyber Savvy Youth' outreach campaign by educating children and parents alike, whether it is face-to-face with our school resource troopers or through public service messaging posted on the internet," said Colonel Patrick Callahan of the New Jersey State Police. "We are committed to protecting our kids no matter where they are, on the playground or online."
In addition to the decline from 958 reported data breaches in 2017 to 906 in 2018, there was a steep decline in the number of New Jersey residents that were affected by data breaches. In 2018, approximately 358,000 New Jersey residents were affected by reported breaches. In 2017, more than 4 million New Jersey residents were affected.
The drop in the number of affected residents from 2017 to 2018 does not mean there is a downward trend overall. Instead, it reflects the very large number of residents that were affected by the massive 2017 data breach at Equifax. The 358,000 residents affected by data breaches in 2018 is more than triple the 116,000 residents affected in 2016.
The top five methods to breach security were:
- Phishing / Spoofing / Unauthorized Access to E-mail
- Hacking / Unspecified Intrusion
- Internal / Employee Error
- Internal / Employee Theft
- Vulnerability / Misconfiguration / Programing Error
The Division works year round with the new Data Privacy & Cybersecurity Section in the Division of Law to identify emerging cybersecurity threats, protect consumers from data breaches, and ensure that companies respond appropriately when a breach occurs. Their work has resulted in the following civil settlements to New Jersey this year:
Equifax: In July 2019, the credit reporting agency Equifax entered into a $600 million settlement agreement to resolve claims stemming from a 2017 data breach that was the largest data breach to date.
As part of the settlement, Equifax has agreed to create a Consumer Restitution Fund of up to $425 million. The company also must pay a total of $175 million in civil penalties to the participating states. In addition, Equifax has agreed to significantly strengthen its data security practices going forward.
New Jersey was part of a multi-state Leadership Committee that spearheaded the investigation, which found that Equifax’s failure to maintain reasonable security measures enabled hackers to penetrate its systems and exposed data of most American adults. New Jersey will receive $6.36 million of the total civil penalties paid by Equifax.
Premera Blue Cross Blue Shield: Also in July 2019, Attorney General Grewal announced that New Jersey and 29 other states reached a settlement to resolve allegations that health insurer Premera’s inadequate security measures left its network vulnerable to hacking the protected health information and personal information of more than 10.4 million insureds nationwide. The data breach affected approximately 40,000 New Jersey residents.
Under terms of the settlement, Premera paid the states a total of $10 million. The company was also required to implement specific data security controls intended to protect personal health information, annually review its security practices and provide data security reports to the participating state attorneys general.
Neiman Marcus: In January 2019, it was announced that New Jersey entered into a multi-state settlement with Neiman Marcus that resolved allegations the retail chain failed to protect the personal information of shoppers who made in-store purchases using payment cards. The account numbers, expiration dates and other personal data linked to an estimated 370,000 payment cards nationwide were compromised. Approximately 17,000 payment cards associated with New Jersey addresses were impacted by the breach.
As part of the settlement Neiman Marcus will pay the participating states $1.5 million, of which New Jersey will receive $57,465. In addition to the monetary terms of settlement, Neiman Marcus has agreed to a variety of injunctive terms aimed at preventing a similar data breach in the future.
The Division of Consumer Affairs offers the following tips for New Jersey residents to help them better protect their sensitive personal information:
- Avoid clicking on e-mail links or attachments from unknown senders.
- Adjust device privacy settings to control sharing of data between applications, software and address books.
- Choose a strong password containing letters, numbers and symbols. If a website offers two-factor authentication security, use it.
- To protect your device from unauthorized access and malware, install and update security software and ensure that firewall and anti-virus protections are updated regularly.
- Before disposing of any electronic device, wipe the hard drive using specialized software that will overwrite your information; or donate the device to a certified recycling facility that follows government standards for the destruction of data.
- Scrupulously check credit reports, bank and credit card statements, and subscription services to catch identity theft at its earliest stages. Under federal law, consumers can get three free credit reports per year through www.annualcreditreport.com. New Jersey law entitles consumers to an additional three free credit reports annually – one from each of the national credit reporting agencies.
- Avoid free Wi-Fi, especially for health, financial, and other personal transactions.
- Parents should take advantage of parental control software offered by their internet service provider, adjust browser settings to limit children's access, and review history logs to monitor usage. Concerns about websites directed to children can be reported to the Division of Consumer Affairs, which enforces the federal Children’s Online Privacy Protection Act (COPPA).
# # #