ITRC: Data Breaches Up Sharply In 2008

Reports of data breaches in the U.S. rose almost 50 percent in 2008, according to a comprehensive report issued by the Identity Theft Resource Center on Monday.

The ITRC 2008 data breach report, which extracts data from several different breach disclosure sources, reckons that there were 656 compromises in the U.S. last year, up from 446 in 2007.

About 12 percent of the reports came from financial-services firms, up from 7 percent in 2007, the ITRC says. Financial institutions reported more than 18 million records breached last year. Overall, more than 35 million records were compromised in 2008, the report says.

Only 2.4 percent of all breaches involved data where encryption or other strong protective measures were in place, and only 8.5 percent involved password protection, the ITRC reported. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the study states.

Malware attacks, hacking, and insider theft accounted for nearly 30 percent of breaches that cited a cause, the ITRC said. Insider theft more than doubled between 2007 and 2008, accounting for 15.7 percent of the breaches.

Of the five industry sectors the ITRC has monitored during the past three years -- business, educational, government/military, health/medical, and financial/credit -- the financial-services industry had the lowest percentage of the total number of breaches, according to the report.

"The financial, banking, and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said. But financial institutions were among those reporting some of the biggest breaches last year. For example, the Bank of New York Mellon Shareholder Services reported 12.5 million records breached in two separate incidents in which third-party couriers lost unencrypted backup storage tapes.

Chronicles of Dissent, a privacy watchdog organization, offered a different take on the ITRC data.

"Whereas ITRC's analysis might lead to the conclusion that the financial section is the most proactive sector because they represent less than 12 percent of all breaches, inspection of the raw frequency data suggests a somewhat different picture: Reported breaches increased over 250 percent from 2007 to 2008," Chronicles of Dissent said. "That trend indicates that security in the financial sector is not keeping pace with previous threats and new threats to data security."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message