DATA BREACHES 2008…STILL AN UGLY MESS
I hesitate to throw statistics at my readers, but, as they say, there is safety in numbers, and the best way to illustrate the identity theft problem is to expose the numbers. Millions of them. Brian Krebs in his Washington Post “Security Fix” column posted this past April 2, reported that 8.3 million personal and financial records had been compromised since January, resulting from 167 data breaches. In all of 2007 there were 448 data breaches recorded. The statistics come from Identity Theft Resource Center.
Now get this; since April 2, 2008, the number of records exposed has grown to 16, 683,718, doubling the first quarter in just an additional two months. It took only 131 more breaches to reach the twofold mark, for a total today of 298. That means we are already at 66.5 percent of 2007 in only five months and growing. There was a large breach at Hannaford Bros. super markets of 4.2 million, but this sort of thing seems to be happening on an annual basis. Remember TJX (TJ Maxx, Marshalls retail stores) where 94 million credit and debit card numbers were lost to hackers last year?
Krebs confirms figures that we have seen quoted before showing business accounting for around 36 percent of the data breaches; next, schools and universities 25 percent; government and military 18 percent; health care 14 percent; and banking and financial 7 percent. See the industry breakdown here. Additional figures are the fact that 13 percent of breaches are from outside hackers; the majority of data loss from lost or stolen laptops. And insiders still do play a part in this fraud.
It is most interesting to see who the players are and they are a broad range from business to government, military, universities, hospitals, and huge lending institutions. To mention a few: the IRS lost 15,000 records, Pfizer, a repeater, 13,000; the Marine Corp. 17,000; University of Miami 2.1 million; Staten Island U. Hospital 88,000; Bank New York Mellon Shareholders Services 4,504,690; GE Money-Americas 650,000. In all cases some type of personal data went missing which included from name and addresses to Social Security numbers to medical records.
ITRC says some of the things prompting the increases in breaches are consumer awareness and mandatory laws for reporting where business would prefer releasing the bad news rather than have it come from the media.
I encourage you to go to the ITRC site and click around on the different choices. Under Consumer Resources there are Prevention Tips and Consumer Guide. Victim Resources provides Solutions and Letter Templates. And the State and Local Resources button will lead you direct to your state with complete information on what help you can get at the local level. It is only through education and preparedness that we can eventually eliminate identity theft, and you must do your part.