The book has closed on 2010, and with it comes word from the ITRC that 662 reported data breaches occurred during the year that came to an end this past weekend. Infosecurity notes that the number of true data breaches is likely higher, owing to the fact that not all breaches are required to be reported by law.
The ITRC took the opportunity to highlight the apparent lack of transparency regarding data breach reporting. “Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events”, ITRC said in a press release statement reflecting on the year-end numbers. “It is clear that without a mandatory national reporting requirement, that many data breaches will continue to be unreported, or under-reported.”
A couple of noteworthy lowlights from the report include breaches affecting two of the ‘Holy Grails’ of personal information: Social Security numbers and credit/debit card details. Sixty-two percent of the reported incidents involved the loss of Social Security data, or 76% of the known records. A further 26% of the breaches involved payment card information, or 29% of the reportedly compromised records.
ITRC’s analysis shows that 51% of publicly reported data breaches disclosed the total number of records compromised, coming in at 16.1 million records total. However, this means almost half of all reported data breaches failed to reveal the number of compromised records, a fact the ITRC claims is “another argument for mandatory reporting”.
The ITRC’s yearly data breach tally has experienced a bit of a yo-yo effect over the last few years: in 2009 it recorded 498 breaches, 657 in 2008, and 446 in 2007.
In its statement, the ITRC acknowledged that “breaches happen”, but that “the business community need to stop acting like ostriches with their heads in the sand”.
“Mandatory reporting is on the horizon”, the ITRC warned. “It will be demanded either by consumer lobbying or legislation”.
05 January 2011
Thank you for writing this article. We have posted a link to it on Identity Theft Daily News (www.idtheftdailynews.com) -- our news portal for breaking stories on data breaches, identity theft and compliance.
You present a fair overview of the pervasiveness of data breaches, and make note of the fact that a very small number of them are ever actually reported. The 662 publicly reported breaches in the U.S. last year are just the tip of the iceberg. A point in case is our 2010 survey of hospitals, where over 40% of U.S. hospital executives reported that their organizations experience 10 or more breaches each year. That means there are thousands of breaches annually in the health care industry alone -- but most are not reported. A copy of our report can be found at www.identityforce.com/Press.php.
Thanks again for keeping businesses and the public informed. Hopefully 2011 will see more and more businesses incorporating proactive policies and procedures to eliminate breaches -- and to follow proper notification guidelines as required by law.