2008 Reported Data Breaches Set New Record

No matter how carefully you try to protect your personal and financial information, you are still at the mercy of those companies you choose to give your information too. Unfortunately, it looks like keeping your sensitive data secure is becoming increasingly difficult for some companies. According to the Identity Theft Resource Center (ITRC), 2008 is shaping up to be the year of the greatest number of reported identity-theft security breaches to date:

"As of 9:30 a.m. August 22nd, the number of confirmed data breaches in 2008 stood at 449. The actual number of breaches is most likely higher, due to under-reporting and the fact that some of the breaches reported, which affect multiple businesses, are listed as single events."

The ITRC reports that the total number of breaches it tracked for the entire year of 2007 was 446. Even though 2008's numbers will overshadow the number of reported breaches of previous years, this does not necessarily mean, however, that there will in fact be more security breaches in 2008 than in other years. The ITRC's data often comes from secondary sources, such as media reports--ConsumerAffairs.com reports, "Linda Foley, ITRC Founder, attributes part of the growth of the ITRC's breach list to the ability to access state Attorney General notification lists that contain breaches that were not reported via media or other sources." As such, at least part of the growth comes from the increased number of reported breaches and not just the number of breaches themselves. However, Foley states that only three U.S. states currently publish breach notifications. In answer to the question if there are now really more breaches than every before, there isn't enough data to provide a definitive answer.

According to the latest published findings from the ITRC, the 2008 security breaches (with data up to 08/22/2008) can be broken down as follows:

  • 36.8%: General Businesses
  • 21.3%: Educational Institutions
  • 17%: Government/Military Agencies
  • 14.9%: Medical/Health Care Facilities/Companies
  • 10%: Banking/Credit/Financial Services Entities

As of the ITRC's 08/22/2008 report, the documented 449 breaches represented a total of 22,091,338 individual exposed records. Of these reported breaches, six of the breaches exposed over 1 million records each:

  • 4,504,690 Exposed records: BNY Mellon Shareowner Services (Banking/Credit/Financial), 02/27/2008: Backup tapes missing or stolen
  • 4,200,000 Exposed records: Hannaford Bros Supermarket Chain (Business), 12/07/2007: Computer system breached, sensitive personal information stolen
  • 2,200,000 Exposed records: University of Utah Hospitals (Medical/Healthcare), 06/02/2008: Backup tapes stolen
  • 2,100,000 Exposed records: University of Miami (Educational), 03/17/2008: Backup tapes stolen
  • 2,000,000 Exposed records: Countrywide (Banking/Credit/Financial), 04/04/2908: Employees stealing sensitive personal information
  • 1,000,000 Exposed records: Compass Bank (Banking/Credit/Financial), 05/01/2007: Employee stealing sensitive personal information

(The two 2007 breaches are included with the 2008 data, because the information about these breaches only became pubic in 2008.)

The ITRC reports that security data breaches can happen in a number of ways:

  • Lost or stolen laptops, computers or other computer storage devices
  • Backup tapes lost in transit because they were not sent either electronically or with a human escort
  • Hackers breaking into systems
  • Employees stealing information or allowing access to information
  • Information bought by a fake business
  • Poor business practices- for example sending postcards with Social Security numbers on them
  • Internal security failures
  • Viruses, Trojan Horses and computer security loopholes
  • Info tossed into dumpsters - improper disposition of information

The ITRC Website offers a number of resources for victims of identity theft, preventative measures, scam alerts, and an entire section on educating teens about identity theft.
Comments
3vi1 6 years ago
When asked for comment, a government official said: "I assure you that the ITRC's report is completely overblown. There is absolutely nothing to worry about, Jay H. Madison of 1203 McKinney Lane West Chester Pennsylvania 19380 SSN 431-64-8974."
ice91785 6 years ago
It is just one of those things that will keep going up and up -- its going to be tough to make a TON of positive progress
bob_on_the_cob 6 years ago

In other unbeleaveable news the stock market is down and gas is up!

Dave_HH 6 years ago
Well, BoC, that's an interesting analogy. Actually, data security is going to be a HUGE boom in the years ahead for the stock market. Place your bets now on which companies you think might succeed and you could very well become a very wealthy individual if you call it right. ;-)
bob_on_the_cob 6 years ago

[quote user="Dave_HH"]Well, BoC, that's an interesting analogy. Actually, data security is going to be a HUGE boom in the years ahead for the stock market. Place your bets now on which companies you think might succeed and you could very well become a very wealthy individual if you call it right. ;-)[/quote]

E-trade here I come!

digitaldd 6 years ago

I just wish the companies protecting our info would stop making it so easy to steal it. I mean now that banks issue ATM & credit cards with built-in RFID chips and you can buy an RFID reader online for $30, boost up its power so it can scan from a few feet away then grab hundreds of credits cards/atm cards on a busy subway ride with a simple rig connected to a laptop in a bag or a more complicated rig connected to a PDA.

 

Then there's all those misplaced and stolen laptops with unsecured data on them that we keep hearing about.

benjaminwright 6 years ago

Data breach notices have a scalability problem. As the number of notices soars, we need to better define what is a serious breach and what is not. Otherwise, the public drowns in breach notices, many of which are insignificant. --Ben http://hack-igations.blogspot.com/2007/12/does-lost-tape-equate-to-lost-data.html

digitaldd 6 years ago

[quote user="benjaminwright"]

Data breach notices have a scalability problem. As the number of notices soars, we need to better define what is a serious breach and what is not. Otherwise, the public drowns in breach notices, many of which are insignificant. --Ben http://hack-igations.blogspot.com/2007/12/does-lost-tape-equate-to-lost-data.html

[/quote]

Lost tapes, well if they are encrypted then its not a big deal but how many companies encrypt their backups and do test restores to ensure the backup worked in the first place? very few..

 

Post a Comment
or Register to comment