The nonprofit Identity Theft Resource centre (ITRC) recently released a report on data breaches in 2010 that is well worth considering.
The centre documented 662 reported breaches, yet this is likely only a fraction of the total breaches that happened last year. Their list comes from a compilation of other studies and breaches reported by “the media and a few progressive state websites.” Most data breaches, many believe, are either not reported or underreported.
[Related: The Cyber World We Live In]
Still, the study found:
- Despite this digital world around us, paper breaches account for nearly 20 per cent of known breaches. “There is generally no mandatory reporting requirement for paper breaches,” the report notes.
- Hacker attacks account for 17.1 per cent of breaches, compared to 15.4 per cent from insider theft.
- Almost 40 per cent of the reported breaches did not specify how the data was exposed. “This indicates a clear lack of transparency and full reporting to the public,” the report states.
- Social Security numbers were exposed in 412 breaches—62 per cent of all breaches.
- 170 breaches, or 26 per cent, involved credit or debit cards.
Another independent source of reported data breaches can also be found at http://datalossdb.org/.
The ITRC report stands as an excellent snapshot of what’s happening in the industry and, if anything, the need for transparency and legislative measures in data breach reporting. Businesses need to be encouraged not to add insult to injury after a data breach. By guarding the details of a breach—or even hiding the fact that one occurred—rather than sharing the forensics information gathered after the fact, companies are doing a disservice to their peers and customers.
[Featured Product: Get Peace of Mind with IDENTITY GUARD® TOTAL PROTECTION]
Image by , via Flickr