Mobile, TDR

Data breaches rose dramatically during 2008

January 6, 2009

Data breaches increased dramatically in 2008, according to the nonprofit Identity Theft Resource Center (ITRC).

According to the San Diego-based organization's breach report for last year, 656 data-loss incidents occurred by the end of 2008, an increase of 47 percent over 2007's total of 446.

Breaches continue to plague organizations, despite more widespread education on safe information handling, as well as new laws and regulations, the ITRC said Monday.

Hacking and insider theft accounted for about 30 percent of breaches that were reported with a cause. On its own, insider theft more than doubled between 2007 and 2008. 

But breaches related to data-in-motion and accidental exposure, which are categorized as human errors, were fewer in number than the prior year, though still accounting for some 35 percent.

In all, there were 35.7 million records potentially breached, according to the notification letters and information provided by breached entities, the organization said. But almost 42 percent of the reported incidents did not include an estimated number of victims.

Businesses accounted for about 37 percent of the breaches, the highest number of any of the five verticals studied. The others included educational, government/military, health/medical and financial/credit.

The latter group had the fewest breaches last year -- 78. Meanwhile, government and military organizations, which ranked as the most breached vertical in 2006, ranked third most this year.

Given the statistics, the ITRC urges organizations to minimize the number of people who have access to personally identifiable information and require all mobile data storage devices that contain identifying information to be encrypted.

Other measures include limiting the number of people who may take information out of the workplace, and setting safe procedures for storage and transport, the group said. In addition, when sending data or backup records from one location to another, they should be encrypted before leaving the sender.  

prestitial ad