Data breaches skyrocket in 2008.
The Identity Theft Resource Center (ITRC) monitors five groups for data breaches annually (see chart). It found that the financial, banking, and credit industries have remained the most proactive groups in data protection over the past three years. Businesses accounted for about 37% of the breaches, the highest number of any of the five groups studied. The government/military category has dropped nearly 50% since 2006, moving from the highest number of breaches to the third-highest.
Malware attacks, hacking, and insider theft accounted for about 30% of breaches. On its own, insider theft more than doubled between 2007 and 2008, the ITRC reported, accounting for more than 15% of breaches. But breaches related to data-in-motion and accidental exposure, which are categorized as human errors, declined in 2008 compared with 2007, though they still accounted for about 35% of incidents.
Only 2.4% of all breaches involved data when encryption or other strong protective measures were in place, and only 8.5% involved password protection, the ITRC reported. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the study states.
In all, the ITRC found about 36 million records were potentially breached in 2008, based on figures derived from the notification letters and information provided by breached entities. But almost 42% of the reported incidents did not include an estimated number of victims.
Given the statistics, the ITRC urges organizations to minimize the number of people who have access to personally identifiable information and require encryption for all mobile data storage devices that contain identifying information. In addition, organizations should limit the number of people who may take information out of the workplace and set safe procedures for data storage. Another critical practice is encrypting data and records before sending them from one location to another.
For more details, go to www. idtheftcenter.org.
2008 Data Breaches 2008 Number of Breaches 2008 2007 2006 Business 240 36.6% 28.9% 21% Educational 131 20.0% 24.8% 28% Government/Military 110 16.8% 24.6% 30% Health/Medical 97 14.8% 14.6% 13% Financial/Credit 78 11.9% 7% 8% Paper vs. Electronic Breaches Electronic Number of Breaches: 540 Number of Records: 35,125,425 Percent of Breaches: 82.3 Percent of Records: 98.4 Paper Number of Breaches:116 Number of Records: 565,830 Percent of Breaches: 17.7 Percent of Records: l.6 Total Breaches: 656 Records Exposed: 35,691,255 Source: ITRC (idtheftcenter.org)
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||DATA SECURITY|
|Publication:||Information Management Journal|
|Article Type:||Statistical data|
|Date:||Mar 1, 2009|
|Previous Article:||Germany approves controversial law.|
|Next Article:||UK data centers close to bursting point.|