Many thousands of the leaks were first reported between June and November - including confidential data on customers of Blue Cross Blue Shield of Massachusetts, Eastern Bank, JPMorgan Chase Bank, and other major institutions, documents released by state regulators revealed.
The breaches occurred in a variety of forms, including theft of laptop computers and the loss of a computer data tape. But most involved successful hacker attacks on computer centers, where large amounts of personal data are stored.
It is unclear whether any of the incidents of leaked or stolen data resulted in any instances of identity theft. The state’s records reflect only that the information was exposed.
Barbara Anthony, undersecretary of consumer affairs and business regulation, said that businesses, schools, and government agencies must cultivate “a culture of security’’ to protect the millions of sensitive personal documents under their control.
Under a state law passed in 2007, all such institutions must inform consumers and state regulators about security breaches that might result in identity theft. Such leaks involve the release of a person’s name along with sensitive information such as Social Security numbers, driver’s license numbers, or bank account, credit card, and debit card numbers.
As of November, the state had received 807 data breach notifications from a variety of institutions that collect personal information, from companies to banks and colleges. In most cases, only a few consumers were affected, but in other instances, information on thousands of people was compromised.
“In 60 percent of the cases, the breaches were due to criminal acts,’’ said Anthony. “Forty percent were negligence.’’ boston