2008 Reported Data Breaches Sets New Record

rated by 0 users
This post has 8 Replies | 1 Follower

Top 10 Contributor
Posts 25,671
Points 1,155,390
Joined: Sep 2007
ForumsAdministrator
News Posted: Mon, Aug 25 2008 2:43 PM

No matter how carefully you try to protect your personal and financial information, you are still at the mercy of those companies you choose to give your information too. Unfortunately, it looks like 2008 is shaping up to be the year of the greatest number of reported identity-theft security breaches to date, according to the Identity Theft Resource Center (ITRC).

"As of 10 am on August 22, the number of confirmed data breaches stood at 449. The actual number of breaches is most likely higher, due to under-reporting and the fact that some of the breaches reported, which affect multiple businesses, are listed as single events, the group said."

The ITRC reports that the total number of breaches it tracked for the entire year of 2007 was 446. Even though 2008's numbers will overshadow the number of reported breaches of previous years, this does not necessarily mean, however, that there will in fact be more security breaches in 2008 than in other years. The ITRC's data often comes from secondary sources, such as media reports: "Linda Foley, ITRC Founder, attributes part of the growth of the ITRC's breach list to the ability to access state Attorney General notification lists that contain breaches that were not reported via media or other sources." As such, at least part of the growth comes from the increased number of reported breaches and not just the number of breaches themselves. However, Foley states that only three U.S. states currently publish breach notifications. In answer to the question if there are now really more breaches than every before, there isn't enough data to provide a definitive answer.

According to the latest published findings from the ITRC (with data up to 08/12/2008), the 2008 security breaches can be broken down as follows:
  • 36.8%: General Businesses
  • 21.3%: Educational Institutions
  • 17%: Government/Military Agencies
  • 14.9%: Medical/Health Care Facilities/Companies
  • 10%: Banking/Credit/Financial Services Entities

As of the ITRC's 08/12/2008 report--which up to that point had documented 449 breaches--a total of 22,091,338 individual records had been exposed. Of these reported breaches, six of the breaches exposed over 1 million records each:
  • 4,504,690 Exposed records: BNY Mellon Shareowner Services (Banking/Credit/Financial), 02/27/2008: Backup tapes missing or stolen
  • 4,200,000 exposed records: Hannaford Bros Supermarket Chain (Business), 12/07/2007: Computer system breached, sensitive personal information stolen
  • 2,200,000 Exposed records: University of Utah Hospitals (Medical/Healthcare), 06/02/2008: Backup tapes stolen
  • 2,100,000 Exposed records: University of Miami (Educational), 03/17/2008: Backup tapes stolen
  • 2,000,000 Exposed records: Countrywide (Banking/Credit/Financial), 04/04/2908: Employees stealing sensitive personal information
  • 1,000,000 Exposed records: Compass Bank (Banking/Credit/Financial), 05/01/2007: Employee stealing sensitive personal information

(The two 2007 breaches are included with the 2008 data, because the information about these breaches only became pubic in 2008.)

The ITRC reports that security data breaches can happen in a number of ways:
  • Lost or stolen laptops, computers or other computer storage devices
  • Backup tapes lost in transit because they were not sent either electronically or with a human escort
  • Hackers breaking into systems
  • Employees stealing information or allowing access to information
  • Information bought by a fake business
  • Poor business practices- for example sending postcards with Social Security numbers on them
  • Internal security failures
  • Viruses, Trojan Horses and computer security loopholes
  • Info tossed into dumpsters - improper disposition of information

The ITRC Website offers a number of resources for victims of identity theft, preventative measures, scam alerts, and an entire section on educating teens about identity theft.



  • | Post Points: 65
Top 10 Contributor
Posts 5,053
Points 60,700
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Mon, Aug 25 2008 3:12 PM
When asked for comment, a government official said: "I assure you that the ITRC's report is completely overblown. There is absolutely nothing to worry about, Jay H. Madison of 1203 McKinney Lane West Chester Pennsylvania 19380 SSN 431-64-8974."

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Top 50 Contributor
Posts 2,617
Points 32,625
Joined: Oct 2005
Location: Minnesota, United States
ice91785 replied on Mon, Aug 25 2008 3:18 PM
It is just one of those things that will keep going up and up -- its going to be tough to make a TON of positive progress

  • | Post Points: 20
Top 10 Contributor
Posts 6,181
Points 90,135
Joined: Aug 2003
Location: United States, Virginia
Moderator

In other unbeleaveable news the stock market is down and gas is up!

  • | Post Points: 20
Top 25 Contributor
Posts 3,537
Points 54,400
Joined: Jul 2004
Location: United States, Massachusetts
ForumsAdministrator
MembershipAdministrator
Dave_HH replied on Tue, Aug 26 2008 1:18 AM
Well, BoC, that's an interesting analogy. Actually, data security is going to be a HUGE boom in the years ahead for the stock market. Place your bets now on which companies you think might succeed and you could very well become a very wealthy individual if you call it right. ;-)

Editor In Chief
http://hothardware.com


  • | Post Points: 20
Top 50 Contributor
Posts 2,901
Points 24,515
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Tue, Aug 26 2008 8:17 AM

I just wish the companies protecting our info would stop making it so easy to steal it. I mean now that banks issue ATM & credit cards with built-in RFID chips and you can buy an RFID reader online for $30, boost up its power so it can scan from a few feet away then grab hundreds of credits cards/atm cards on a busy subway ride with a simple rig connected to a laptop in a bag or a more complicated rig connected to a PDA.

 

Then there's all those misplaced and stolen laptops with unsecured data on them that we keep hearing about.

  • | Post Points: 5
Not Ranked
Posts 2
Points 55
Joined: Aug 2008

Data breach notices have a scalability problem. As the number of notices soars, we need to better define what is a serious breach and what is not. Otherwise, the public drowns in breach notices, many of which are insignificant. --Ben http://hack-igations.blogspot.com/2007/12/does-lost-tape-equate-to-lost-data.html

  • Filed under:
  • | Post Points: 20
Top 50 Contributor
Posts 2,901
Points 24,515
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Wed, Aug 27 2008 9:02 AM

benjaminwright:

Data breach notices have a scalability problem. As the number of notices soars, we need to better define what is a serious breach and what is not. Otherwise, the public drowns in breach notices, many of which are insignificant. --Ben http://hack-igations.blogspot.com/2007/12/does-lost-tape-equate-to-lost-data.html

Lost tapes, well if they are encrypted then its not a big deal but how many companies encrypt their backups and do test restores to ensure the backup worked in the first place? very few..

 

  • | Post Points: 5
Top 10 Contributor
Posts 6,181
Points 90,135
Joined: Aug 2003
Location: United States, Virginia
Moderator

Dave_HH:
Well, BoC, that's an interesting analogy. Actually, data security is going to be a HUGE boom in the years ahead for the stock market. Place your bets now on which companies you think might succeed and you could very well become a very wealthy individual if you call it right. ;-)

E-trade here I come!

  • | Post Points: 5
Page 1 of 1 (9 items) | RSS