Data Breach Notifications

According to the NJ Identity Theft Prevention Act:

Any business or public entity required under this section to disclose a breach of security of a customer's personal information shall, in advance of the disclosure to the customer, report the breach of security and any information pertaining to the breach to the Division of State Police in the Department of Law and Public Safety for investigation or handling, which may include dissemination or referral to other appropriate law enforcement entities.


Please report security breaches to Submitted notifications will be reviewed and processed by NJSP personnel assigned to the NJCCIC fulfilling the statutory requirement.

For further information, please contact the NJCCIC at 609-963-6900 x7865.

Read the NJ Identity Theft Prevention Act Here

What is a breach?

The Identity Theft Resource Center (ITRC) defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format. The ITRC will also capture breaches that do not, by the nature of the incident, trigger data breach notification laws. Generally, these breaches consist of the exposure of user names, emails and passwords without involving sensitive personal identifying information. These breach incidents will be included by name but without the total number of compromised records included in the cumulative total. 

Data breaches are not all alike. Security breaches can be broken down into a number of additional sub-categories by what happened and what information (data) was exposed. What they all have in common is that they usually involve personal identifying information (PII) in a format easily read by thieves; in other words, not encrypted.

The NJCCIC currently tracks seven categories of data loss methods:

  • Insider Theft
  • Hacking / Computer Intrusion (also includes Phishing/Skimming/Ransomware/Malware)
  • Data on the Move
  • Physical Theft
  • Subcontractor/Third Party/Business Associate
  • Employee Error / Negligence / Improper Disposal / Lost
  • Accidental Web/Internet Exposure

The NJCCIC currently tracks the following types of compromised information:

  • Social Security number
  • Credit/Debit Card number
  • Email/Password/User Name
  • Protected Health Information (PHI)
  • Driver's License
  • Financial Accounts
  • Other/Undefined type of records