GREENSBORO, NC -- Chances are, you're part of the statistics. For every three people in our state, two of them had their identity compromised in 2017. All total, 5.3 million people were affected by data breaches last year.

And while Equifax or Uber make the headlines for breaches, it's all industries. The NC Attorney General's Office put all the data breaches into context. The majority were from general businesses with financial services coming in next.

READ: NC AG's Report On ID Theft

Why they were breached is another story. Hacking and unauthorized access makes up 50% of the breaches, but 12% was accidental release of information and 24% was from phishing scams (Which is when you get an email that looks real and asks you for company information. This just happened to Rockingham County schools.)

But no matter the reason how it happened, it happened. And when it does, you should know about it. Right now companies have to report a breach in a “reasonable amount of time”. Hmmmm. Is that reasonable for you and me or the business? Right.

“Even the Equifax breach, they knew about it for 40 days before the rest of us did,” explains NC AG Josh Stein. “We should be able to make the decisions, not the company that's been breached. “

Stein wants to define "reasonable" as a 15 day reporting period. 2WTK talked to him about a bill he's urging state lawmakers to put into law. It's called the Act to Strengthen Identity Theft Protections. What else is in there?

A 2WTK favorite is the credit freeze change. Right now, you have to freeze your credit at all three bureaus. But the act would allow you to freeze it at one--and it covers all three automatically. This saves you time.

And the credit freeze online is free right now, but this act would make it free to do it by phone and mail too. And speaking of those credit bureaus, AG Stein believes you should be in control of your information.

“It's our information, we didn't ask these big companies to aggregate the info. All this data is about us and if someone wants to access that data about us, they should have written permission from us before they can do that.”

The bill will be introduced in the May session. We'll keep you posted on the progress.