by Ondrej Krehel
The nonprofit Identity Theft Resource Center (ITRC) recently released a report on data breaches in 2010 that is well worth considering.
The center documented 662 reported breaches, yet this is likely only a fraction of the total breaches that happened last year. Their list comes from a compilation of other studies and breaches reported by “the media and a few progressive state websites.” Most data breaches, many believe, are either not reported or underreported.
Still, the study found:
- Despite this digital world around us, paper breaches account for nearly 20 percent of known breaches. “There is generally no mandatory reporting requirement for paper breaches,” the report notes.
- Hacker attacks account for 17.1 percent of breaches, compared to 15.4 percent from insider theft.
- Almost 40 percent of the reported breaches did not specify how the data was exposed. “This indicates a clear lack of transparency and full reporting to the public,” the report states.
- Social Security numbers were exposed in 412 breaches—62 percent of all breaches.
- 170 breaches, or 26 percent, involved credit or debit cards.
Another independent source of reported data breaches is http://datalossdb.org/.
The ITRC report stands as an excellent snapshot of what’s happening in the industry and, if anything, underscores the need for transparency and legislative measures in data breach reporting. Businesses need to be encouraged not to add insult to injury after a data breach. By guarding the details of a breach—or even hiding the fact that one occurred—rather than sharing the forensics information gathered after the fact, companies are doing a disservice to their peers and customers.
Ondrej Krehel, Chief Information Security Officer, Identity Theft 911
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.