Printer Friendly

Data breaches skyrocket in 2008.

The Identity Theft Resource Center (ITRC) monitors five groups for data breaches annually (see chart). It found that the financial, banking, and credit industries have remained the most proactive groups in data protection over the past three years. Businesses accounted for about 37% of the breaches, the highest number of any of the five groups studied. The government/military category has dropped nearly 50% since 2006, moving from the highest number of breaches to the third-highest.

Malware attacks, hacking, and insider theft accounted for about 30% of breaches. On its own, insider theft more than doubled between 2007 and 2008, the ITRC reported, accounting for more than 15% of breaches. But breaches related to data-in-motion and accidental exposure, which are categorized as human errors, declined in 2008 compared with 2007, though they still accounted for about 35% of incidents.

Only 2.4% of all breaches involved data when encryption or other strong protective measures were in place, and only 8.5% involved password protection, the ITRC reported. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the study states.

In all, the ITRC found about 36 million records were potentially breached in 2008, based on figures derived from the notification letters and information provided by breached entities. But almost 42% of the reported incidents did not include an estimated number of victims.

Given the statistics, the ITRC urges organizations to minimize the number of people who have access to personally identifiable information and require encryption for all mobile data storage devices that contain identifying information. In addition, organizations should limit the number of people who may take information out of the workplace and set safe procedures for data storage. Another critical practice is encrypting data and records before sending them from one location to another.

For more details, go to www.

2008 Data Breaches

                      2008 Number
                       Breaches      2008    2007    2006

Business                  240       36.6%   28.9%    21%
Educational               131       20.0%   24.8%    28%
Government/Military       110       16.8%   24.6%    30%
Health/Medical             97       14.8%   14.6%    13%
Financial/Credit           78       11.9%      7%     8%

Paper vs. Electronic Breaches

  Number of Breaches: 540     Number of Records: 35,125,425
  Percent of Breaches: 82.3   Percent of Records: 98.4

  Number of Breaches:116      Number of Records: 565,830
  Percent of Breaches: 17.7   Percent of Records: l.6

Total Breaches: 656
Records Exposed: 35,691,255

Source: ITRC (
COPYRIGHT 2009 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2009 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:DATA SECURITY
Publication:Information Management Journal
Article Type:Statistical data
Geographic Code:1USA
Date:Mar 1, 2009
Previous Article:Germany approves controversial law.
Next Article:UK data centers close to bursting point.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters