2009 Identity Theft Resource Center Breach Report
The Identity Theft Resource Center’s numbers on last years’ data breaches are out, but despite some figures that are seemingly good news, the overall picture is muddled if not outright bleak.
Nearly 500 data breaches were reported last year – a 25% decrease from 2008. That’s the first decrease in reported data breaches since the ITRC began tracking data breaches in 2005. However, more than 220 million records were reported as lost or compromised, according to the 2009 ITRC Data Breach Report – a 630% increase from the 35 million reported in 2008.
Further clouding the question of whether data security is improving or worsening is that only two data breaches were responsible for nearly 96% of all reported lost or compromised records last year: Heartland Payment Systems and the National Archive and Records Administration (NARA).
Hackers attacked Heartland, a credit card payment processor, and stole 130 million records. Another 76 million records were compromised when NARA sent a hard drive with the unencrypted personal information of 76 million servicemen out for repair.
Among the bleakest news of all though, is that only six of all the data breaches last year involved encrypted records, only slightly more than 1% of the total.
“Why are organizations that have these massive amounts of our data still not encrypting it?” asks Linda Foley, ITRC director and co-founder. “When we know we have these super breaches going on, why are they resisting a technology that could prevent them?
But, in the end all the numbers are nearly meaningless in the overall picture because what can’t be measured are the number of unreported data breaches, and the numbers of affected records that are reported simply as “unknown.”
Other highlights:
- Data breaches of paper records account for 26% of all reported breaches in 2009 (up 41% from 2008).
- The business sector was responsible for 41% of all reported breaches last year (compared to 21% in 2008).
