Washington State

Office of the Attorney General

Attorney General

Bob Ferguson


Law proposed by AG Ferguson requires stricter reporting, consumer notification

OLYMPIA — Nearly half a million Washingtonians had their personal information compromised as a result of data breaches between July of 2015 and July of this year, according to a report issued today by Attorney General Bob Ferguson. The release coincides with National Cyber Security Awareness Month.

The Attorney General’s report details the sources and impacts of data breaches reported to the Attorney General’s Office (AGO) under new, stricter notification and reporting requirements adopted by the Legislature in 2015. Attorney General Ferguson proposed the legislation. Its prime sponsors were Rep. Zack Hudgins and Sen. John Braun.

During the first year after the law took effect, 39 data breaches met the reporting threshold of 500 affected Washingtonians. Those 39 incidents occurred at companies and organizations ranging from school districts to national retail chains and affected at least 450,000 Washingtonians. The number is undoubtedly higher, since several companies reported that they were unable to determine the number of individuals affected.

While most of the breaches impacted less than 10,000 individuals, one breach in the telecommunications industry affected more Washington residents than the other 38 breaches combined.  In that instance, T-Mobile informed the AGO that an intruder obtained the sensitive data of nearly 330,000 Washingtonians.

 “Information is power, and this new law gives my office and Washingtonians valuable information about potential risk to their personal information and their businesses,” Ferguson said. “Data breaches are a serious threat to our security, and my office can use this information in our efforts to protect the people of Washington.”

The report also details the causes of the breaches. Malicious cyber attacks accounted for the largest share of the breaches. A significant number also resulted from unauthorized people, such as third-party vendors or employees, gaining access to information.  A small number of breaches resulted directly from loss or theft.

The Attorney General’s report includes a look at the potential costs of data breaches to both companies and consumers, as well as a more detailed look at what types of Washington organizations were affected by the breaches and what types of consumer information were exposed. It also provides resources for affected businesses and individuals.

More information about data breaches in Washington, including the individual data breach reports submitted to the AGO, is available at /data-breach-notifications. Information for businesses on reporting data breaches is available at /identity-theft-and-privacy-guide-businesses#Report.


The Office of the Attorney General is the chief legal office for the state of Washington with attorneys and staff in 27 divisions across the state providing legal services to roughly 200 state agencies, boards and commissions. Visit www.atg.wa.gov to learn more.


Peter Lavallee, Communications Director, (360) 586-0725; PeterL@atg.wa.gov