Hawaii
Table of Contents
- Identity Theft Statistics
- Top Ten Report Categories
- Top Identity Theft Types
- Fraud & Other Reports by Metropolitan Area
- Hawaii’s Recent Biggest Data Breaches
- What Should You Do if You Are in a Breach?
- Step-by-Step Process for Responding to a Data Breach
- Responsibilities of Companies that Have Been Breached
- Laws
- Resources
Data breaches are increasingly common as society becomes more dependent on technology. Cybercriminals target commercial organizations, government institutions, or individuals who handle or license information. They target these institutions via malware, hacking, ransomware, denial of service, and phishing. Hawaii has one of the lowest numbers of victims of data breaches, ranking at 44th. In 2023, it also lost $51,722,052 in revenue, indicating that unauthorized parties targeted high-revenue organizations or groups. Most of the targets over a five-year period leading to 2023 belonged to healthcare, local government, and the financial sector.
Identity Theft Statistics
Reports
Reports
Losses
Top Ten Report Categories
Top Identity Theft Types
Hawaii's Recent Biggest Data Breaches
Navvis & Company, LLC Data Breach
On July 25, 2023, Navvis determined there was some suspicious activity in its networks. The company immediately took specific steps to secure it and initiated an investigation to assess the scope of the damage. From the investigation, Navvis reviewed the types of information that were revealed. Some information that was exposed included names, birth dates, medical treatment data, health plan details, patient account numbers, and case identification. In response, Navvis notified all 462,861 affected individuals and offered one to two years of credit monitoring.
Hawaii USA Federal Credit Union Data Breach
In December 2022, Hawaii Federal Credit discovered an unauthorized infiltration of an employee's email account. An investigation was initiated when this was found to be the case. The evidence did not show which specific emails or attachments or emails had been viewed by the unauthorized. That said, the company issued notification letters to all who were affected due to the incident. The credit union also provided those affected with complimentary credit monitoring and identity theft protection.
Aloha Laser Vision, LLC Data Breach
In December 2021, an unauthorized party accessed myCare Integrity data, which is the records platform for Aloha Laser Vision. When the unauthorized activity was detected, an incident response team stopped and began investigating. There was no evidence that the company's patient records were misused. However, that did not rule out the potential of the personal information of 43,263 patients being exposed. Names, birth dates, dialogistic data, and health insurance details are part of the information that may have been exposed. Letters were sent to patients whose information was stored on the myCare Integrity database. The company also offered identity monitoring to those affected at no cost for one year.
Pingora Loan Servicing Data Breach
A security event involving an unauthorized party affecting Pingora's database was discovered in December 2021. On discovering the breach, the company stopped the unauthorized access. It also notified local law enforcement and engaged the services of an external cyber-security service. From the initial review, Pingora determined that some of the exposed information included names, addresses, loan numbers, and Social Security details. Pingora Loan Servicing also issued a notification letter to those affected. Pingora provided the 7,002 victims of the breach with a complimentary one-year membership at Kroll to assist with identity protection and credit monitoring.
Hawaiian Dredging Construction Company Data Breach
In April 2021, the Hawaiian Dredging Construction Company discovered a data breach within its systems where an unauthorized party accessed and transferred some of their files. Some information taken from their systems included names, addresses, dates of birth, and Social Security numbers. Though there is no indication that the information was misused, the data breach victims were urged to be vigilant by reviewing account statements. They were also provided a one-year complimentary membership with Experian for credit monitoring and identity protection.
What Should You Do if You Are in a Breach?
Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.
Unfamiliar
Credit Card Charges
If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.
Calls from
Debt Collectors
Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.
New Credit Cards
or Loans in Your Name
A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.
Surprise Credit
Score Drops
Sudden credit drops with no obvious cause are a sign of suspicious activities.
Unusual Activity on Your
Social Security Account
The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.
Inability to
Sign-in to Accounts
If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.
Step-by-Step Process for Responding to a Data Breach
Contact Local Law Enforcement
As an individual or a business, report the incident to the police and file a police report.
Assess and Secure Compromised Areas
Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.
Contain the Breach
Isolate the affected system to prevent further damage.
Create New, Strong Passwords for All Accounts
This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.
Notify Affected Institutions
Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.
Update Security on Digital Accounts
Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.
Check for Malware
Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.
Freeze Your Credit
In cases of identity theft, contact all credit bureaus to freeze your credit.
Monitor Your Mail and Credit Reports
Keep an eye out for any unauthorized changes in your mail.
Engage Legal Assistance When Applicable
If you are a business, consider hiring a law firm experienced in handling data breaches.
Responsibilities of Companies that Have Been Breached
All businesses that handle personal information in Hawaii must inform affected customers in the event of a data breach. According to the Hawaii data breach notification statute, sensitive information refers to names, addresses, phone numbers, social security details, driver's licenses, and account numbers. Data breach notices must be issued without unreasonable delay, consistent with state law.
Businesses can issue the notices in either or three ways. That is, written, telephonic, or electronic notices. If the cost of notifying all of the affected is more than $100,000 or those to be informed are more than 200,00, a substitute notice can be issued. A substitute notice is also given when a business does not have the personal details of everyone affected by a data breach. This can be done by emailing everyone affected, conspicuously posting the incident on the business's web page, and notifying statewide media about the incident.
Hawaii government agencies must notify the state legislature within 20 days of discovering a data breach. The notification will show information concerning the number of people affected and the details of the incident. In the event that a law enforcement agency indicates that notification could impede a criminal investigation, the report may be delayed. This also delays the notification of all individuals affected by the breach. The entities that violate the provisions of the notification regulations in the state will be subject to a penalty of not more than $2,500 per violation. The attorney general also has the power to enforce the remedy against delinquent organizations.
Laws
- Chapter 487N deals with the security breach of personal information. It handles definitions, requirements for a notice of security breach in an organization, penalties or civil action, and reporting obligations.
- Hawaii HB 2051 establishes the Consumer Privacy Act. It deals with consumer rights when collecting businesses' personal information. It also outlines the obligations of these entities, considering the collection, disclosure, sharing, and selling of consumer data.
- According to Hawaii State Legislature, Act 116 [§711-1110, the offense of violation of privacy in the first degree in a private place and without the consent of the owner will merit a penalty. That is using a hidden device to record someone when they are engaged in a personal activity.