ITRC: Data Breaches Up Sharply In 2008ITRC: Data Breaches Up Sharply In 2008
Insider theft accounts for significant portion of increase, study says
January 7, 2009
Reports of data breaches in the U.S. rose almost 50 percent in 2008, according to a comprehensive report issued by the Identity Theft Resource Center on Monday.
The ITRC 2008 data breach report, which extracts data from several different breach disclosure sources, reckons that there were 656 compromises in the U.S. last year, up from 446 in 2007.
About 12 percent of the reports came from financial-services firms, up from 7 percent in 2007, the ITRC says. Financial institutions reported more than 18 million records breached last year. Overall, more than 35 million records were compromised in 2008, the report says.
Only 2.4 percent of all breaches involved data where encryption or other strong protective measures were in place, and only 8.5 percent involved password protection, the ITRC reported. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the study states.
Malware attacks, hacking, and insider theft accounted for nearly 30 percent of breaches that cited a cause, the ITRC said. Insider theft more than doubled between 2007 and 2008, accounting for 15.7 percent of the breaches.
Of the five industry sectors the ITRC has monitored during the past three years -- business, educational, government/military, health/medical, and financial/credit -- the financial-services industry had the lowest percentage of the total number of breaches, according to the report.
"The financial, banking, and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said. But financial institutions were among those reporting some of the biggest breaches last year. For example, the Bank of New York Mellon Shareholder Services reported 12.5 million records breached in two separate incidents in which third-party couriers lost unencrypted backup storage tapes.
Chronicles of Dissent, a privacy watchdog organization, offered a different take on the ITRC data.
"Whereas ITRC's analysis might lead to the conclusion that the financial section is the most proactive sector because they represent less than 12 percent of all breaches, inspection of the raw frequency data suggests a somewhat different picture: Reported breaches increased over 250 percent from 2007 to 2008," Chronicles of Dissent said. "That trend indicates that security in the financial sector is not keeping pace with previous threats and new threats to data security."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware