2008 on pace for record number of breaches
The center also noted, in this latest report, a rise in insider thefts, particularly within the business community.
As of Tuesday, the center had recorded 167 incidents that exposed 8,391,871 personal records this year, punctuated by Hannaford Bros. grocery breach that potentially compromised some 4.2 million credit and debit card numbers.
The center had tracked just 76 breaches by April 1, 2007. For all of 2007, the center said that 127,725,343 personal records were stolen in 446 breaches.
In addition to the increased threat landscape, the ITRC saw "a shift in who's having breaches," Jay Foley, the ITRC's executive director, told SCMagazineUS.com.
The business community has suffered more heavily this year than in the past, he said, noting that only 21 percent of the breaches the center tracked in 2006 involved the business sector compared to 29 percent in 2007 and 36 percent this year.
However, companies in the financial vertical, on the other hand, have suffered fewer breaches since the ITRC began tracking data-loss incidents. In 2006 they were responsible for 8 percent of the breaches; this year that was down to 7.2 percent.
Educational institutions accounted for 28 percent of the breaches in 2006 and 25 percent in 2007 and 2008. Government agencies suffered 30 percent of 2006's losses, then dropped to 24.6 percent in 2007 and 18 percent so far this year. Medical and health care organizations had 13 percent of the 2006 losses, 15 percent for 2007 and 14 percent for 2008.
Foley attributed stringent government regulations to the financial sector's improvement.
"That industry has the strongest regulatory controls of any group, the companies have been at it longer, and there are a variety of laws they must comply with," he said.
On the other hand, "We're seeing more and more reports of insider thefts and more data on the move being lost" by the business community, he said. He noted that 15 percent of the breaches the ITRC has tallied this year came from insiders.
"That means someone within the organization is helping himself to data, and that's rather alarming,” Foley said.
The problem, Foley said, is that some businesses are not governed by the same regulations of banks, hospitals and the military so they lack similar security measurements.