The Identity Theft Resource Center recorded 662 data breaches in the United States in 2010, a nearly 33 percent increase from 2009. To cybersecurity analysts, this is further proof that organizations that handle and store sensitive digital data need to do a much better job.
Paper breaches accounted for nearly 20 percent of all reported security breaches, according to the ITRC’s annual Breach List. Malware attacks that siphoned data from computers accounted for 17.1 percent of stolen data.
The ITRC defines a breach as any event that potentially puts a person’s name, Social Security number, drivers license number, medical record or financial record (credit or debit card) potentially at risk either in electronic or paper format.
In all, the 662 data breaches exposed a total of 16,167,542 records. It’s a seemingly staggering number, though the ITRC adamantly states in a press release that the statistic may in fact be drastically low.
The 2010 report clearly shows that some companies listed the exact number of documents exposed in their incidents. The Los Angeles Firemen’s Credit Union, for example, exposed 28,000 records on May 5, 2010, and Education Credit Management Corp. exposed 3,300,000 records in a March 2010 incident.
Other breaches, however, were not as transparent. Nearly half of all the data breaches did not indicate the number of potentially compromised records.
“Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events,” stated the ITRC. “It is clear that without a mandatory national reporting requirement, that many data breaches will continue to be unreported, or under-reported.”
With increased threats of crime rings, mail and check fraud forecasted for 2011, the ITRC said that mandatory reporting of data breaches could lead to more transparency for consumers whose identities are put at risk, as well as assisting law enforcement agencies in investigating the incidents.
Securing scores of personal data will always be a difficult task, said George Smith, senior fellow with GlobalSecurity.org. Getting each company to report specific data breaches is an continuing battle as well.
"Companies may not always cooperate," Smith told SecurityNewsDaily. "It's understandable corporate behavior. There's never absolutely full cooperation and transparency. One can only hope for the best."
As of January 4, 2011, nine breaches have already been reported in 2011, with 175 documents potentially exposed.
Original article posted on MSNBC.com