Data breaches happen when sensitive data is exposed to unauthorized personnel because of weaknesses in computer security networks or hacking activities. The most common types of cyber attacks in Alaska include tech support scams, ransomware attacks, and personal data breaches. FBI records show that in 2022 alone, 1,600 Alaskans were targets of internet crimes. These cyber crimes resulted in the loss of more than $16 million. Most internet criminals executing romance scams, personal data breaches, and tech support scams mainly target elderly Alaskans. Moreover, the FBI has noted that these statistics do not reflect the scale of cyber crimes in Alaska because embarrassment prevents many victims from reporting such scams.

Identity Theft Statistics

Identity Theft
State Rank (Reports per 100K Population)
Identity Theft Reports
Fraud & Other
State Rank (Reports per 100K Population)
Total Fraud & Other Reports
Total Fraud Losses
Median Fraud Losses

Top Ten Report Categories

Imposter Scams
Identity Theft
Prizes, Sweepstakes and Lotteries
Telephone and Mobile Services
Online Shopping and Negative Reviews
Banks and Lenders
Auto Related
Health Care
Debt Collection
Internet Services

Top Identity Theft Types

Credit Card Fraud
Other Identity Theft
Bank Fraud
Employment or Tax-Related Fraud
Loan or Lease Fraud
Phone or Utilities Fraud
Government Documents or Benefits Fraud

Alaska's Recent Biggest Data Breaches


Lower 48 Health Care Technology Company Data Breach

In February 2024, a Lower 48 Healthcare Technology Company experienced a data breach that negatively impacted several Alaskan pharmacies. The cyberattack has disrupted insurance payment processes and caused delays in providing electronic prescriptions. That has compelled patients to use cash to pay for medications and prescriptions in Alaska's pharmacies. The data breach impacted UnitedHealth Group, a major health insurance provider in Alaska. The breach prevented institutions like the Lower 48 Health Care Technology Company from facilitating the processing of medication claims to insurance corporations for payment. As the case is still ongoing, Lower 48 Health Care Technology keeps updating its customers about how to safeguard their personal information. The institution has also offered free identity monitoring services for a stipulated period.


Alaska Railroad Data Breach

In December 2022, the Alaska Railroad Corporation experienced a data breach. Hackers infiltrated the Railroad's network system and stole employees' and vendors' personal information. Some of this data included banking account details, dates of birth, Social Security numbers, marriage and birth certificate details, employer tax identification numbers, drug screening results, and health insurance data. That information could be used to launch credit card fraud and phishing attacks or implement medical identity theft and online impersonation. More than 4,700 individuals were affected by the cyber attack. On March 18, 2023, the Alaska Railroad Corporation informed its clients about the data breach. The Alaska Railroad Corporation also engaged forensic investigators and law enforcement officials to investigate the incident. The organization has engaged cybersecurity specialists to upgrade its security system and offered the affected individuals free identity theft protection and credit monitoring services.


Alaska Department of Health Data Breach

In May 2021, Alaska's Department of Health and Social Services (DHSS) experienced a data breach that compromised residents' financial information. The hackers launched a malware attack that enabled them to steal thousands of residents' phone numbers, Social Security numbers, full names, financial data, dates of birth, and driver's license numbers. The cyber attack also exposed residents' historical information concerning their interactions with the DHSS and identifying Medicaid numbers. Alaskan officials removed the DHSS website after detecting the data breach on May 2. The cyber attack was reported to Alaska's Attorney General's office. Moreover, the officials delayed informing affected residents about the data breach to avoid interfering with the ongoing criminal investigation. On September 16, 2020, the DHSS announced the data breach in a press release that also informed Alaskans who had volunteered information to the DHSS about how to prevent identity theft. The DHSS also established a hotline to help concerned residents sign up for credit monitoring services.


Data Breach Affects Alaska Court System

Alaska's Court System suffered a cyber attack in April 2021. The ransomware attack negatively impacted the State's court system, which has long been dependent on outsourcing security services. The Court System's cybersecurity system immediately identified unusual activity. To limit the impact of the hacking activity, the Court System cut off all external internet access. Alaskan officials also hired cybersecurity specialists who placed tracing software in the network to comprehend the extent of the data breach. Keeping the court system offline for a month enabled cybersecurity experts to lock the hackers out of the network, reconfigure firewalls, bolster security, rebuild systems, and restore backup systems. During the month when it was offline, Alaska's Court System could not process online bail postings or facilitate the e-filing of cases. Court workers had to revert to old fax machines and carry out hearings by telephone. After the Court System returned online, Court workers re-trained workers on how to use backup methods and internet-based security functions.


Elections Data Breach in Alaska

In 2020, Alaska's Division of Elections Online Voter Registration System suffered a data breach. The cyber attack affected Alaska's online voter registration database, not the voter tabulation system. The hackers exploited an internal flaw that enabled them to access voter information. The data breach compromised the personal details of 113,000 Alaskans. These details included mailing and residential addresses, driver's license data, the last four digits of voters' Social Security numbers, party affiliation, registered voters' names, and state identification numbers. Moreover, this data breach did not adversely affect the actual election results. That is because Alaska's Division of Elections personnel engaged independent computer forensics contractors and State Security Office employees to investigate the data breach and prevent it from affecting the outcome of the elections. Alaskan election officials also complied with State laws regarding the exposure of sensitive information. Alaska's Online Voter Registration System is currently secure. Investigators established that the hackers wanted to shake voter confidence and spread propaganda but were unsuccessful.

What Should You Do if You Are in a Breach?

Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.

Credit Card Charges

If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.

Calls from
Debt Collectors

Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.

New Credit Cards
or Loans in Your Name

A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.

Surprise Credit
Score Drops

Sudden credit drops with no obvious cause are a sign of suspicious activities.

Unusual Activity on Your
Social Security Account

The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.

Inability to
to Accounts

If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.

Step-by-Step Process for Responding to a Data Breach


Contact Local Law Enforcement

As an individual or a business, report the incident to the police and file a police report.


Assess and Secure Compromised Areas

Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.


Contain the Breach

Isolate the affected system to prevent further damage.


Create New, Strong Passwords for All Accounts

This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.


Notify Affected Institutions

Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.


Update Security on Digital Accounts

Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.


Check for Malware

Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.


Freeze Your Credit

In cases of identity theft, contact all credit bureaus to freeze your credit.


Monitor Your Mail and Credit Reports

Keep an eye out for any unauthorized changes in your mail.


Engage Legal Assistance When Applicable

If you are a business, consider hiring a law firm experienced in handling data breaches.

Responsibilities of Companies that Have Been Breached

Alaska's state regulations mandate that business organizations within Alaska inform their clients of data breaches within 60 days of the incident. In Alaska, personal information protected by data breach laws includes driver's license numbers, Social Security numbers, health insurance data, debit and credit card account numbers, medical information, passport numbers, date of birth, email addresses, state ID numbers, and passwords. Cyber security attacks that must be reported include Denial of Service (DoS) attacks, malware incidents, the use of ransomware, and identity theft incidents that affect more than 1000 persons. Business organizations may delay informing customers about data breaches if that action interferes with ongoing criminal investigations. Additionally, businesses are expected to notify affected clients about data breaches by written or electronic notice. Organizations may use substitute notices like statewide media or their website to inform clients of data breaches if using electronic or written notice exceeds $150,000. If an organization fails to follow these regulations in the event of a data breach, Alaska's Attorney General may impose a penalty fine that does not surpass $500.


  • Enacted in 2008, Alaska Statutes 45.48.010 [Personal Information Protection Act] establishes the regulations that organizations and business entrepreneurs in Alaska must follow when they experience a data breach. This statute specifies what data is legally protected as personal information by Alaskan law. Based on this law, business entities in Alaska may provide substitute breach notifications to customers or clients under specific circumstances. These circumstances include when the cost of issuing data breach notifications surpasses $150,000 or when the entity does not have adequate contact information to provide clients with standard notifications. Under this Statute, Alaska's Attorney General may impose sanctions on business entities or entrepreneurs who do not adhere to these laws. These sanctions include a fine of $500 for every violation.