North Carolina Attorney General Josh Stein recently released the Department of Justice’s 2022 data breach report. The report shares information about the 1,900 data breaches reported to DOJ last year, which affected more than 3 million North Carolinians. The report was released in late January ahead of Data Privacy Day, which was January 28.

Businesses and government agencies are required by law to report data breaches to the Department of Justice. The 3,095,656 North Carolinians affected last year is the second highest number of people ever affected in a single year in the state. Hacking and phishing scams caused nearly 90 percent of breaches in 2022. Criminals often use phishing and hacking scams to infect systems and networks with ransomware. Ransomware, in turn, made up 45 percent of reported breaches. To avoid hacking and phishing scams, the following suggestions have been offered.

Don’t open emails, click links, or download attachments from unverified senders. Update software on your phone and computer regularly. Don’t forget updates on your smart watches, tablets, or any other electronic devices. Use strong passwords and change your passwords and security questions regularly.

Use different passwords for your various accounts and websites so if one is compromised, it won’t give someone access to other accounts. Don’t use public Wi-Fi to make purchases, access your bank accounts, or log into any websites that have personal information. Public Wi-Fi networks are much more susceptible to hackers. Forward phishing emails to the Federal Trade Commission at spam@uce.gov.

If you believe you may have been the victim of a hack, request a free security freeze, contact our office, and monitor your credit report and bank accounts for errors and irregularities. To learn more, visit www.ncdoj.gov/securityfreeze.

Ransomware attacks continue to increase in North Carolina. Last year, our office received reports of a record 857 data breaches caused by ransomware. Organizations can help prevent ransomware attacks on their networks by following these guidelines.

Make and regularly update for how you and your organization to respond to ransomware and train your employees to be ready to implement it. Back up your data regularly so you aren’t at the mercy of hackers to access it. Regularly participate in and conduct trainings to help identify the signs of a ransomware attack. Keep all security and ransomware prevention software up to date on all of your devices.

Have a plan in place to notify customers or people whose data you store if you become the victim of a ransomware attack.