New Jersey

Data breaches refer to an unauthorized party's unlawful acquisition of personal or confidential information. They are carried out by infiltrating an individual's or institution's systems for financial or personal gain. Over the years, New Jersey has experienced several data breaches, with varying measures being adopted to prevent and mitigate damage. The state was ranked 13th in the United States in 2022, according to the Federal Bureau of Investigation's Internet Crime Report. New Jersey data breaches in 2022 resulted in the loss of revenue totaling $284,590,029. The businesses most often involved in breaches in New Jersey fall within the categories of finance/banking, health services, retail trade, or business services.

Identity Theft Statistics

  • Identity Theft Reports: 18,220 (state rank: 10th, by reports per 100K population)
  • Fraud & Other Reports: 56,880 total (state rank: 15th, by reports per 100K population)
  • Fraud Losses: $32.7M total; $305 median

Top Ten Report Categories

  • Identity Theft: 24%
  • Imposter Scams: 17%
  • Banks and Lenders: 6%
  • Credit Bureaus, Information Furnishers and Report Users: 6%
  • Online Shopping and Negative Reviews: 5%
  • Telephone and Mobile Services: 5%
  • Debt Collection: 4%
  • Auto Related: 4%
  • Prizes, Sweepstakes and Lotteries: 3%
  • Internet Services: 2%

Top Identity Theft Types

  • Credit Card Fraud: 41% (13,792)
  • Other Identity Theft: 24% (8,027)
  • Loan or Lease Fraud: 11% (3,652)
  • Bank Fraud: 10% (3,309)
  • Phone or Utilities Fraud: 7% (2,336)
  • Employment or Tax-Related Fraud: 4% (1,276)
  • Government Documents or Benefits Fraud: 3% (1,164)

New Jersey's Recent Biggest Data Breaches

2024

Raptor Technologies

Raptor Technologies distributed a notice of externally accessible data to its customers in 2024, indicating a vulnerability in cloud-hosted data repositories. Documents that were not password-protected sat in three cloud storage repositories, totaling more than 4 million records. In the notification, Raptor Technologies indicated that student names and school identification numbers were part of the information that became externally accessible. Raptor maintains there was no evidence that access went beyond the security researcher and the organization's personnel, but if a criminal had obtained the data, the information it contained could facilitate cyberattacks.

December 2023

Mint Mobile Data Breach

Mint Mobile notified customers that it had suffered a data breach in December 2023. The company emailed consumers indicating that an unauthorized actor had accessed consumer data. According to the email, the company claimed that since it did not collect birth dates, driver's license numbers, or Social Security numbers, there was no risk of that information being exposed. However, it is possible that mobile numbers, emails, and IMEI serial numbers could have been compromised during the attack.

November 2023

ZeroedIn Technologies LLC

ZeroedIn Technologies is a data analytics company that provides services to customers such as Dollar Tree and Family Dollar. It issued a notification concerning a data breach in November 2023. Hackers had accessed its systems, and two million people were affected. The information exposed included names, Social Security numbers, and dates of birth. ZeroedIn also provided guidance to help individuals protect themselves against identity theft, and offered 12 months of credit monitoring and fraud assistance services free of charge.

October 2023

Xfinity

Xfinity fell victim to a data breach that exposed consumer information. The breach was carried out through a Citrix vulnerability, which allowed unauthorized individuals to access and extract data from the systems. The information exposed included usernames, contact information, hashed passwords, the last four digits of Social Security numbers, and the victims' security questions. In response, Comcast opted to reset all Xfinity account passwords. It also encouraged customers to use multi-factor authentication to reduce the risk of account compromise on the platform.

July 2023

VirusTotal Data Breach

VirusTotal, an online service that analyzes questionable files, experienced a data breach in July 2023. An employee accidentally exposed information associated with 5,600 customers who use the service to upload and inspect files for malicious content. Researchers who found the leak observed that the exposed emails were grouped according to associated enterprise customer accounts. The exposed data included accounts linked to people associated with the FBI, US military, National Security Agency, and Cyber Command service branches. It may come as a relief to some that the leak only consisted of names and email addresses. The leaked data did not contain privately uploaded files or other sensitive information.

What Should You Do if You Are in a Breach?

Unfortunately, data breaches are now common, given how connected we are online and how much we depend on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes ongoing fraud only becomes apparent when you notice certain signs. These danger signs apply to both individuals and businesses.

Unfamiliar Credit Card Charges

If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.

Calls from Debt Collectors

Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.

New Credit Cards or Loans in Your Name

A new line of credit or a loan taken out in your name is a warning sign that you are a victim of identity theft.

Surprise Credit Score Drops

Sudden credit score drops with no obvious cause are a sign of suspicious activity.

Unusual Activity on Your Social Security Account

The federal government also considers Social Security numbers personal identifiers, so check your Social Security statement regularly to ensure no one is accessing benefits without your consent.

Inability to Sign in to Accounts

If you are locked out of an account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all else fails.

Step-by-Step Process for Responding to a Data Breach

01. Contact Local Law Enforcement

As an individual or a business, report the incident to the police and file a police report.

02. Assess and Secure Compromised Areas

Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.

03. Contain the Breach

Isolate the affected system to prevent further damage.

04. Create New, Strong Passwords for All Accounts

This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.

05. Notify Affected Institutions

Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.

06. Update Security on Digital Accounts

Change passwords for all accounts affected by the breach. Make sure each password is unique, and use two-factor verification as an additional layer of security.

07. Check for Malware

Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.

08. Freeze Your Credit

In cases of identity theft, contact all credit bureaus to freeze your credit.

09. Monitor Your Mail and Credit Reports

Keep an eye out for any unauthorized changes in your mail.

10. Engage Legal Assistance When Applicable

If you are a business, consider hiring a law firm experienced in handling data breaches.

Responsibilities of Companies that Have Been Breached

In New Jersey, businesses that experience a data breach must notify the residents whose information was breached. They can do so by written, telephone, or electronic notice. Before the disclosure, though, businesses are required to notify the State Police. That said, disclosure of a breach of security to a customer isn't necessary if the entity shows that misuse of the information is not reasonably possible.

If an entity determines that a data breach requires notifying at least 1,000 individuals at one time, it will also notify the consumer reporting agencies. Timing also applies to the general notification of the individuals affected by a data breach. Notifications must be delivered in the most expedient time possible. The notifications given must effectively convey the scope of the breach. Third-party notifications must be given as well. Entities that maintain data on behalf of another organization shall notify them of any breach of their computerized records immediately after its existence is determined.

The notices that businesses issue to affected residents also have to include a description of what was compromised and the business's contact information for assistance. Businesses are required to use the New Jersey Data Breach Report Form, which is the main way to report the incident to state offices. It will have the names of the people affected and a description of the events leading up to the breach. The form will also show the date the breach occurred, what was exposed, and how the affected individuals will be informed.

Laws

  • New Jersey's Identity Theft Prevention Act defines personal information as knowledge of a person's name along with the following data elements:

    • Social Security number
    • Driver's license number
    • Account, credit card number
    • User name, email address with password
  • According to the state's Consumer Fraud Act, there are penalties for organizations that do not comply with the data breach notification laws. Businesses that do not notify affected residents may face penalties such as civil action suits. This may result in having to pay three times the damages that an affected party suffered, along with all legal fees. Businesses might also be asked to pay hefty fines to the state and to destroy their data. They will be asked to introduce corrective action plans and reforms to their cybersecurity teams.

Resources