2008 on pace for record number of breaches
In the first three months of 2008, the number of data breaches more
than doubled over the same period last year, according to the Identity
Theft Resource Center (ITRC), a nonprofit that helps victims of
The center also noted, in this latest report, a rise in insider thefts, particularly within the business community.
As of Tuesday, the center had recorded 167 incidents that exposed
8,391,871 personal records this year, punctuated by Hannaford Bros.
grocery breach that potentially compromised some 4.2 million credit and
debit card numbers.
The center had tracked just 76 breaches by April 1, 2007. For all of
2007, the center said that 127,725,343 personal records were stolen in
In addition to the increased threat landscape, the ITRC saw "a shift in
who"s having breaches," Jay Foley, the ITRC"s executive director, told
The business community has suffered more heavily this year than in the
past, he said, noting that only 21 percent of the breaches the center
tracked in 2006 involved the business sector compared to 29 percent in
2007 and 36 percent this year.
However, companies in the financial vertical, on the other hand, have
suffered fewer breaches since the ITRC began tracking data-loss
incidents. In 2006 they were responsible for 8 percent of the breaches;
this year that was down to 7.2 percent.
Educational institutions accounted for 28 percent of the breaches in
2006 and 25 percent in 2007 and 2008. Government agencies suffered 30
percent of 2006"s losses, then dropped to 24.6 percent in 2007 and 18
percent so far this year. Medical and health care organizations had 13
percent of the 2006 losses, 15 percent for 2007 and 14 percent for 2008.
Foley attributed stringent government regulations to the financial sector"s improvement.
"That industry has the strongest regulatory controls of any group, the
companies have been at it longer, and there are a variety of laws they
must comply with," he said.
On the other hand, "We"re seeing more and more reports of insider
thefts and more data on the move being lost" by the business community,
he said. He noted that 15 percent of the breaches the ITRC has tallied
this year came from insiders.
"That means someone within the organization is helping himself to data, and that"s rather alarming,” Foley said.
The problem, Foley said, is that some businesses are not governed by
the same regulations of banks, hospitals and the military so they lack
similar security measurements.