More than 35 million data records were breached in 2008 in the United States, a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).
The majority of the lost data was neither encrypted nor protected by a password, according to the ITRC's report.
[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
It documents 656 breaches in 2008 from a range of well-known U.S. companies and government entities, compared to 446 breaches in 2007, a 47 percent increase. Information about the breaches was collected by tracking media reports and the disclosures companies are required to make by law.
Data breach notification laws vary by state. Some companies do not reveal the number of data records that have been affected, which means the actual number of data breaches is likely much more than 35 million.
"More companies are revealing that they have had a data breach, either due to laws or public pressure," the ITRC wrote on its Web site. "Our sense is that two things are happening -- the criminal population is stealing more data from companies and that we are hearing more about the breaches."
The data breaches came from a variety of mishaps, including theft of laptops, hacking, employees improperly handling data, accidental disclosure and problems with subcontractors.
BNY Mellon Shareowner Services, an investment bank based in New Jersey, reported the highest number of breached records: 12.5 million. A box of computer tapes containing names, as well as Social Security and account numbers, was lost in February 2008. A lock on the truck transporting the tapes was broken, and the truck had been left unattended, according to news reports. The tapes were not encrypted.
The business community had the most breaches, comprising more than a third of the 656 breaches, ITRC said. Government and military organizations came in at 16.8 percent, the second-highest tally. However, that's an improvement over 2006, when that sector comprised nearly 30 percent of all reported data breaches, the center said.
Some 15.7 percent of all breaches were attributed to insider theft, a figure that more than doubled between 2007 and 2008, ITRC said.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
Recommend This
