2009 Data Breaches: Identity Theft Continues

Robert Siciliano Identity Theft Expert

The Identity Theft Resource Center® Breach Report recorded 498 breaches, less than the 657 in 2008, more than the 446 in 2007. Are data breaches increasing or decreasing? That is the question no one can answer. This fact will not change until there is a single data breach list requiring mandatory public reporting. With some breaches not being reported publicly, and some state Attorneys General not allowing public access to reported breaches, we doubt that anyone is in a position to answer the question above. When we allow laws to be created requiring breach reporting but not disclosure, and provide minimal enforcement or penalty for non-compliance, we can expect a lack of public disclosure. Counting breaches becomes an exercise in insanity.

ITRC collects information about data breaches made public via reliable media and notification lists from various governmental agencies. There are breaches that occurred in 2009 that never made public news. So rather than focus on a question without an answer, ITRC used percentages to analyze the 498 breaches recorded this year looking for any changes or new trends. (Both raw numbers and percentages have been provided in all charts)

The main highlights are:
• paper breaches account for nearly 26% of known breaches (an increase of 46% over 2008)
• business sector climbed from 21% to 41% between 2006 to 2009, the worst sector performance by far
• malicious attacks have surpassed human error for the first time in three years
• Out of 498 breaches, only six reported that they had either encryption or other strong security features protecting the exposed data

In 2009, the business sector increased to 41% of all the publicly reported breaches. While there are some small statistical changes in the other sectors, business continues to increase for the fifth year in a row. The financial and medical industries, perhaps due to stringent regulations, maintain the lowest percentage of breaches.

Business 41.2%

Educational 15.7%

Government/Military 18.1%

Health/Medical 13.7%

Banking/Credit/Financial 11.4%

The ITRC Breach Report recorded more than 222 million potentially compromised records in 2009. Of those, 200 million are attributed to two very large breaches. Before obsessing with record count, however, one should be aware that in more than 52% of the breaches publicly reported, NO statement of the number of records exposed is given. Therefore, it is unknown how many total records may have been exposed due to breaches in 2009.”

Protect your identity. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News