The annual Identity Theft Resource Center Breach Report is complicated by the fact that not all details of major data breaches are publicly reported. Reported incidents often fail to disclose the exact number of compromised records. ITRC alluded to local laws and state policies that deny public access to data breach information as the major roadblock to accurate reporting results.
A major undeniable theme throughout the ITRC report was the impact that data breaches via hacking had on the business sector in 2009. In fact, business ranked as the most vulnerable segment for data breaches, clocking in at 41% of total incidents. The final scorecard for the business sector included 10.6% of all hacking-related breaches and 58.7% of all compromised records over the last year. Tracking data from ITRC indicate that 2009 was the fifth consecutive year that businesses increased their share of data breach incidents, up from 21% in 2006.
ITRC cited the “organization and sophistication of crime rings” as the major factors for this steady increase. Although the actual number of data breach incidents decreased when compared with 2008, highly publicized hacking incidents, such as Heartland Payments Systems, still resulted in 30 million compromised records from just a single hack. The Heartland case was second only to the US Military, which reported more than 76 million exposed records in 2009.
Other sectors fared much better in preventing hacking-related data breach incidents in 2009. Among them: financials (2.0%), education (3.6%), government/military (1.6%), and medical/healthcare (1.6%).
The report also underlined the importance of encryption security features. Of the reported 498 data breaches in 2009, only six organizations reported the use of “encryption or other strong security features protecting the exposed data”.