According to findings from the Identity Theft Resource Center, the number of reported data breaches in the United States in 2008 hit 656, nearly 50 percent more than in 2007. The organization puts the number of data records exposed at roughly 35.7 million, but concedes the actual number could be much higher.
The number of reported data breaches in the United States jumped nearly 50 percent in 2008, according to by the Identity Theft Resource Center.
All totaled, there were 656 breaches reported last
year, up from 446 in 2007. While the 656 may not sound like a lot, they
led to nearly 35.7 million records being exposed. More alarming, only
2.4 percent of all the data breaches had
the information secured by encryption or other strong protection
methods. Just 8.5 percent had the exposed data protected by passwords.
"Our sense is that two things are happening - the criminal
population is stealing more data from companies and that we are hearing
more about the breaches," the ITRC said in a statement. "ITRC has been
tracking breaches since 2001. One thing we absolutely can say is that
[data breaches are] not a new problem."
According to the study, 240 of the breaches happened in the business
community. The ITRC lauded the financial sector as the most
proactive group as far as data protections, as the study found the
financial and credit industries accounted for only 78 of the breaches.
Data breaches happen in a variety of ways, from dramatic cases of
hacking and insider theft to more mundane situations such as lost
laptops. However, insider threats have risen to account for 15.7
percent of the reported breaches, more than double where it stood in
Due to the variance of breach notification laws in the United States, the numbers may only be the tip of the iceberg.
"While there were 35.7 million records potentially breaches
according to the notification letters and information provided by
breached entities, 41.9 percent went unreported or undisclosed, making
the total number of affected records an unreliable number to use for
any accurate reporting," according to the ITRC.