THE OPEN DOOR TO DATA BREACHES

As of November 1, 2007, there have been 718 data breaches since January 2005, outing almost 216 million personal records to potential ID thieves, according to Privacy Rights Clearinghouse Chronology of Data Breaches. So far in 2007, there have been 288 breaches, compared to a total of 336 in 2006, with 2007 on target to surpass that. 2007 has also accounted for the largest data breach ever with the TJX (TJ Maxx, Marshalls) loss of 94 million records, and then there was Monster.com’s releasing of 1.6 million e-mail addresses which were a mouthwatering treat for the phishing community. State governments, we have a problem, and I defer to the states because Congressional leaders cannot get their act together to come up with even the simplest of identity protection for the American consumer. Meanwhile, the breaches are in bountiful supply. In October, Home Depot had a laptop stolen with 10,000 employees’ names/addresses and Social Security numbers. However, it included no customer data. Boston-based Iron Mountain Inc.—get this, a data protection and storage company—lost ten year’s worth of bank account records and Social Security numbers for nearly all of Louisiana college applicants and their parents. (Read the story) Also in October, the TSA lost or had stolen the personal data (name/address, birthday, driver’s license number, and some SS#s) of 3,930 truckers who handled hazardous waste. Back in May the TSA lost a hard drive containing private information on 100,000 government workers. (See article) Still in October, ComputerWorld reported a laptop stolen with the unencrypted personal data of 159,000 former and current employees. The breacher was Administaff, a Houston-based provider of outsourced human resources services. And then there are three colleges/universities that continue the dangerous trend in this field. Fact: over 25 percent of all data breaches come from higher education. The three losing personal data including Social Security numbers are Dixie State College of Salt Lake city; Bates of Lewiston, Maine, and the University of Nevada in Reno. Ohioans are now suffering from the Hartford Financial Services Group’s three “misplaced” backup tapes containing the private information of 230,000 customers. An interesting announcement by a company spokesman said that the “information could only be read by extremely sophisticated equipment.” Don’t know what closet he’s been in, but the sophistication of the ID thieves far surpasses that of today’s security industry. And finally back to the medical community, where Clarian Health Partners of Indiana “misplaced” a mobile device that allows organ transplant teams to contact patients waiting for an organ. It includes name/address, SS# and certain medical information. Clarian assures its patients this does not affect their ability to make the necessary contacts to perform the transplant. Fact: Over 14 percent of all data breaches come from the medical field. There isn’t much chance this will slow down. In fact, the crooks are finding new sources every day, and new means to milk those sources for their individual sensitive data. My concern is the “Apathetics” who are in the majority, and how they will influence those who are genuinely troubled over the security of their identity.