Consumer complaints about data breaches skyrocket in Illinois

Data breaches at a major retailer and a physicians’ medical group caused consumer complaints about such violations to skyrocket a whopping 1,600 percent in 2013, the Illinois Attorney General’s office announced Tuesday.

The increase — to 576 last year from 33 in 2012 — stemmed primarily from data stolen from Target Corp. during the holiday shopping season and from Advocate Health Care during a mid-July burglary of four computers from the group’s Park Ridge administrative office, according to Attorney General Lisa Madigan’s latest report on her office’s top 10 consumer complaints.

Target, the second-largest discount retailer, reported that 40 million credit and debit card accounts were affected nationwide, and that names, phone numbers and email and mailing addresses were stolen for up to 70 million customers. Last week, Target said cyber criminals had hacked into a data connection between the retailer and its heating and ventilation systems contractor.

Downers Grove-based Advocate reported that the health records of 4 million people were taken. That was the second-largest such theft since the U.S. Department of Health and Human Services started requiring data-breach notifications four years ago.

The data breaches fall under the category of “identity theft,” which has remained the No. 2 complaint at the attorney general’s office for the fifth straight year. Debt scams involving credit cards, mortgage lending and debt collections topped the list, the report said. Identity theft complaints were 62 percent higher than the next-biggest category involving phone, wireless and cable and satellite TV complaints.

Madigan is proposing that Congress give an existing federal agency the authority to investigate data breaches, similar to the agency that investigates airline crashes.

“Last year alone, $21 billion was lost to identity theft,” Madigan said in a statement. “The harm being done to consumers is too great to allow these breaches to continue without a concerted effort by both the government and the private sector to stop them from happening.”

Madigan helped enact a state law nine years ago that requires companies to notify their customers within a “reasonable” time of data breaches.