2008-08-25 11:00:00
As of August 22, ITRC's list surpasses 446 documented breaches
SAN DIEGO, Aug. 25 // -- The total number of breaches on the
Identity Theft Resource Center's 2008 breach list has surpassed the final
total of 446 reported in 2007 -- more than four months before the end of
2008. As of 9:30 a.m. August 22nd, the number of confirmed data breaches in
2008 stood at 449. The actual number of breaches is most likely higher, due
to under-reporting and the fact that some of the breaches reported, which
affect multiple businesses, are listed as single events. In the last few
months, two subcontractors became examples of these "multiple" events. In
one case, the customers and/or employees of at least 20 entities were
affected by a breach that the ITRC reported as a single breach event.
ITRC recognizes that 449 breaches in less than a year is a small number
when compared to the total number of business, governmental, health,
banking and educational entities that have databases. However, for the
individuals whose information has been exposed, 449 data exposure events
are still too many. It should be noted that the growth in the number of
breaches from year to year can no longer only be attributed to required
reporting laws and media investigative work.
Linda Foley, ITRC Founder, attributes part of the growth of the ITRC's
breach list to the ability to access state Attorney General notification
lists which contain breaches that were not reported via media or other
sources. "If more states would publish breach notification lists, there
would be more information to study and to help us understand this growing
concern," Foley said. "At this time, only three states publish such
information. Additionally, more companies are starting to audit their
security and network systems and use readily available security measures.
This pro-active approach means that breaches are being identified that
might otherwise have gone undetected."
"The number of attacks, in addition to publicly disclosed breaches,
continues to escalate as criminal networks mushroom around the world, while
economies weaken," said Avivah Litan, Vice President and Distinguished
Analyst, Gartner Inc. "A more concerted effort is required among companies
to secure and protect customer data, regardless of regulatory oversight."
In the last few weeks, the U.S. Secret Service announced its
investigation of a cybercrime group that may have hacked tens of thousands
of credit and debit card accounts from Louisiana and Mississippi
restaurants this year, allegedly leading to over $1 million in losses for
the banks that issued them.
Also, on August 5, the U.S. Attorney General's office announced the
indictments of 11 defendants who tapped the computer networks of TJX Cos.'
Marshalls, BJ's Wholesale Club Inc., Barnes & Noble Inc. bookstores, Sports
Authority, Boston Market Corp., OfficeMax Inc., Dave & Buster's
restaurants, DSW Inc. shoe stores and Forever 21.
"These two cases highlight our increasing vulnerability to the theft of
personal information. Unsecured networks are a friendly target for such
groups. Additionally, insider theft, data on the move and inadvertent
posting of personal information to Web sites add to the problem. Breaches
are not simply the result of malicious attacks but also of human error and
poor information handling procedures," stated Rex Davis, ITRC's Director of
Operations.
"It is critical that law enforcement, governmental agencies,
businesses, consumers and legislators understand the causes of breaches.
With this in mind, the ITRC has continued to create new database tools to
better analyze breach information. When we understand how data is exposed
or stolen, we can avert many breaches because of improved security
procedures and safer information handling," explained Jay Foley, ITRC
Executive Director.
It should be noted that the ITRC does not place an inordinate weight on
the count of records exposed. While the ITRC's 2008 breach list reflects
compromised records of more than 22 million, in more than 40% of breach
events, the number of records exposed is not reported or fully disclosed.
This means the number of affected records is grossly incomplete and
unusable for any statistic or research purpose. The use of potentially
affected records generally causes more concern and is "news-sexy."
The ITRC breach list is a compilation of breaches confirmed by various
media sources, notification lists from state governmental agencies. ITRC
uses several websites to help search for verifiable breaches, such as
pogowasright.org, phiprivacy.net, The Breach Blog and attrition.org. To
qualify breaches must include personal identifying information that could
lead to identity theft, especially the loss of Social Security numbers.
The purpose of the ITRC breach list is not to point a finger at any one
company; rather it is to study the problem of breaches. What are the weak
links in security that might lead to a breach? What policy changes need to
be considered? What protocols need to be established and then taught to all
employees, including the highest ranking executive? Can risk levels be
predicted or reduced?
Additional types of ITRC Breach Reports are now available on our
website at:
http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtm
l
About the ITRC
The Identity Theft Resource Center(R) (ITRC) is a non-profit
organization established to support victims of identity theft in resolving
their cases, and to broaden public education and awareness in the
understanding of identity theft. It is the on-going mission of the ITRC to
assist victims, educate consumers, research identity theft and increase
public and corporate awareness about this problem. Additionally, ITRC has a
complete breach response program to help businesses prepare for a breach,
or respond to a data exposure event. Visit http://www.idtheftcenter.org
Funding for this project was provided by a grant from the California
Consumer Protection Foundation.
Major Newsire & Press Release Distribution with Basic Starting at only $19 and Complete OTCBB / Financial Distribution only $89
Get Unlimited Organic Website Traffic to your WebsiteÂ
TheNFG.com now offers Organic Lead Generation & Traffic Solutions
