Record Number Of Data Breaches Reported In 2007 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
News
12/31/2007
04:14 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Record Number Of Data Breaches Reported In 2007

Researchers with the Identity Theft Resource Center cited 443 breaches in the U.S. in 2007 in their annual report, compared to the 315 they identified in 2006.

The number of publicly reported data breaches in the U.S. rose by more than 40% in 2007, compared to the previous year, according to statistics compiled by the Identity Theft Resource Center (ITRC), a consumer rights advocacy group.

In its December 24 report, the ITRC said that there were publicly reported 443 breaches in the U.S. in 2007. In 2006, the ITRC identified 315 publicized breaches.

Some 127 million data records were exposed during 2007. In 2006, nearly 20 million records were exposed. In 2005, there were 158 breaches reported involving about 65 million records.

The ITRC will have to update its list to reflect breaches reported during the last seven days of the year, something organization founder Linda Foley said would happen next week.

On Friday, the Tennessean.com reported that someone broke into a Davidson County election office over the Christmas holiday and stole laptops believed to contain the Social Security numbers and other personal information for more than 337,000 registered voters in the Tennessee county.

That same day, the Pioneer Press in Minnesota reported that a laptop containing the personal information of 219 Minnesotans had been stolen from a Pennsylvania vendor doing business with the Minnesota State Commerce Department.

Also on Friday, television station WSFA in Montgomery, Alabama reported that the U.S. Air Force had sent letters to current and former service members whose Social Security numbers, birth dates, addresses, and telephone numbers were on a laptop that was stolen from the home of an Air Force band member based at Bolling Air Force Base in Washington D.C. The station subsequently reported that the missing laptop contained the personal information of 10,501 individuals.

The rise in reported breaches may not be exclusively a reflection of rising data thievery. The ITRC speculates that in addition to an increase in data theft, more data breaches are being reported to the public. And it remains to be seen whether 2007 proves to be a high water mark for data loss, given that the T.J. Maxx breach accounted for 94 million of the 127 million exposed customer records.

Foley reluctantly characterized 2007 as the worst on record from a statistical perspective, but cautioned that the T.J. Maxx breach skews the statistics. "I don't know whether we're seeing more breaches because there's mandatory reporting or because there are more," she said, adding that 39 states and the District of Columbia now require organizations to report data breaches.

But even if 2007 proves to be an aberration, the costs associated with data breaches appear to be rising. According to a study released in November by the Ponemon Institute, an information practices consultancy, data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006.

And that perhaps explains why Cisco, Google, Raytheon, Symantec, Trend Micro, and Websense have all made acquisitions in the past year or so to strengthen their data loss protection offerings. A Gartner report in May estimated that the $50 million data leak protection market measured in 2006 would as much as triple by the end of 2007.

Foley nonetheless expressed optimism, noting that in regulated industries like finance and healthcare, there are far fewer breaches than in other areas of business. "Both are highly regulated industries with a number of government agencies looking over their shoulders," she said. "[But] a lot of the businesses still have not learned how to handle information correctly."

As an example, she points to the fact that only 13 of the data breaches out of 443 reported to date this year involved encrypted data, which is far less vulnerable to unauthorized access or misuse.

While 2007 could fairly be called the year of the data breach, Foley prefers to think of it as the year of data breach awareness. "I think there is a greater awareness this year that is going to have a ripple effect over the next couple of years," she said. "And hopefully that is going to bring the number of breaches down."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Enterprise Guide to Edge Computing
Cathleen Gagne, Managing Editor, InformationWeek,  10/15/2019
News
Rethinking IT: Tech Investments that Drive Business Growth
Jessica Davis, Senior Editor, Enterprise Apps,  10/3/2019
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll